@blamejs/blamejs-shop 0.0.44

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1220) hide show
  1. package/CHANGELOG.md +87 -0
  2. package/LICENSE +17 -0
  3. package/README.md +117 -0
  4. package/SECURITY.md +139 -0
  5. package/lib/admin.js +952 -0
  6. package/lib/analytics.js +267 -0
  7. package/lib/cart.js +279 -0
  8. package/lib/catalog-import.js +344 -0
  9. package/lib/catalog.js +769 -0
  10. package/lib/checkout.js +320 -0
  11. package/lib/config.js +151 -0
  12. package/lib/customers.js +322 -0
  13. package/lib/email.js +242 -0
  14. package/lib/externaldb-d1.js +283 -0
  15. package/lib/index.js +57 -0
  16. package/lib/inventory-alerts.js +198 -0
  17. package/lib/newsletter.js +142 -0
  18. package/lib/order.js +380 -0
  19. package/lib/payment.js +318 -0
  20. package/lib/pricing.js +185 -0
  21. package/lib/r2-bridge.js +169 -0
  22. package/lib/shipping.js +185 -0
  23. package/lib/storefront.js +2160 -0
  24. package/lib/subscriptions.js +410 -0
  25. package/lib/tax.js +161 -0
  26. package/lib/theme.js +194 -0
  27. package/lib/vendor/MANIFEST.json +19 -0
  28. package/lib/vendor/blamejs/.clusterfuzzlite/Dockerfile +23 -0
  29. package/lib/vendor/blamejs/.clusterfuzzlite/build.sh +34 -0
  30. package/lib/vendor/blamejs/.clusterfuzzlite/project.yaml +16 -0
  31. package/lib/vendor/blamejs/.dockerignore +45 -0
  32. package/lib/vendor/blamejs/.gitattributes +42 -0
  33. package/lib/vendor/blamejs/.github/CODEOWNERS +4 -0
  34. package/lib/vendor/blamejs/.github/FUNDING.yml +2 -0
  35. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/bug_report.md +58 -0
  36. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/config.yml +8 -0
  37. package/lib/vendor/blamejs/.github/ISSUE_TEMPLATE/feature_request.md +99 -0
  38. package/lib/vendor/blamejs/.github/PULL_REQUEST_TEMPLATE.md +77 -0
  39. package/lib/vendor/blamejs/.github/dependabot.yml +37 -0
  40. package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +148 -0
  41. package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +107 -0
  42. package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +122 -0
  43. package/lib/vendor/blamejs/.github/workflows/ci.yml +511 -0
  44. package/lib/vendor/blamejs/.github/workflows/codeql.yml +50 -0
  45. package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +655 -0
  46. package/lib/vendor/blamejs/.github/workflows/release-container.yml +406 -0
  47. package/lib/vendor/blamejs/.github/workflows/scorecard.yml +101 -0
  48. package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +134 -0
  49. package/lib/vendor/blamejs/.gitignore +102 -0
  50. package/lib/vendor/blamejs/.gitleaks.toml +166 -0
  51. package/lib/vendor/blamejs/.hadolint.yaml +18 -0
  52. package/lib/vendor/blamejs/.npmrc +5 -0
  53. package/lib/vendor/blamejs/.pinact.yaml +17 -0
  54. package/lib/vendor/blamejs/ARCHITECTURE.md +158 -0
  55. package/lib/vendor/blamejs/CHANGELOG.md +1351 -0
  56. package/lib/vendor/blamejs/CODE_OF_CONDUCT.md +86 -0
  57. package/lib/vendor/blamejs/CONTRIBUTING.md +156 -0
  58. package/lib/vendor/blamejs/GOVERNANCE.md +201 -0
  59. package/lib/vendor/blamejs/LICENSE +201 -0
  60. package/lib/vendor/blamejs/LTS-CALENDAR.md +29 -0
  61. package/lib/vendor/blamejs/MIGRATING.md +29 -0
  62. package/lib/vendor/blamejs/NOTICE +81 -0
  63. package/lib/vendor/blamejs/README.md +304 -0
  64. package/lib/vendor/blamejs/SECURITY.md +432 -0
  65. package/lib/vendor/blamejs/api-snapshot.json +48709 -0
  66. package/lib/vendor/blamejs/assets/BlameJS_Logo.png +0 -0
  67. package/lib/vendor/blamejs/assets/BlameJS_Logo.svg +129 -0
  68. package/lib/vendor/blamejs/bench/README.md +77 -0
  69. package/lib/vendor/blamejs/bench/_helpers.js +70 -0
  70. package/lib/vendor/blamejs/bench/baseline.json +183 -0
  71. package/lib/vendor/blamejs/bench/crypto-hash.bench.js +19 -0
  72. package/lib/vendor/blamejs/bench/crypto-symmetric.bench.js +28 -0
  73. package/lib/vendor/blamejs/bench/run.js +140 -0
  74. package/lib/vendor/blamejs/bench/safe-json.bench.js +31 -0
  75. package/lib/vendor/blamejs/bin/blamejs.js +13 -0
  76. package/lib/vendor/blamejs/docker/caddy/Caddyfile +46 -0
  77. package/lib/vendor/blamejs/docker/coredns/Corefile +37 -0
  78. package/lib/vendor/blamejs/docker/haproxy/haproxy.cfg +52 -0
  79. package/lib/vendor/blamejs/docker/init/generate-certs.sh +118 -0
  80. package/lib/vendor/blamejs/docker/keycloak/realm-blamejs-test.json +87 -0
  81. package/lib/vendor/blamejs/docker/mitmproxy/config.yaml +16 -0
  82. package/lib/vendor/blamejs/docker/mongo/init-tls.sh +17 -0
  83. package/lib/vendor/blamejs/docker/mysql/my.cnf +12 -0
  84. package/lib/vendor/blamejs/docker/nats/nats.conf +33 -0
  85. package/lib/vendor/blamejs/docker/postgres/init-tls.sh +17 -0
  86. package/lib/vendor/blamejs/docker/postgres/postgresql.conf +18 -0
  87. package/lib/vendor/blamejs/docker/rabbitmq/rabbitmq.conf +18 -0
  88. package/lib/vendor/blamejs/docker/redis/redis.conf +15 -0
  89. package/lib/vendor/blamejs/docker/squid/squid.conf +24 -0
  90. package/lib/vendor/blamejs/docker/syslog/syslog-ng.conf +34 -0
  91. package/lib/vendor/blamejs/docker-compose.test.yml +545 -0
  92. package/lib/vendor/blamejs/docs/cis-postgres-crosswalk.md +102 -0
  93. package/lib/vendor/blamejs/docs/cis-sqlite-equivalent.md +92 -0
  94. package/lib/vendor/blamejs/eslint.config.mjs +204 -0
  95. package/lib/vendor/blamejs/examples/wiki/Caddyfile +40 -0
  96. package/lib/vendor/blamejs/examples/wiki/DEPLOY.md +218 -0
  97. package/lib/vendor/blamejs/examples/wiki/Dockerfile +120 -0
  98. package/lib/vendor/blamejs/examples/wiki/README.md +157 -0
  99. package/lib/vendor/blamejs/examples/wiki/cli-snapshot.json +250 -0
  100. package/lib/vendor/blamejs/examples/wiki/docker-compose.prod.yml +231 -0
  101. package/lib/vendor/blamejs/examples/wiki/docker-compose.yml +166 -0
  102. package/lib/vendor/blamejs/examples/wiki/env-snapshot.json +217 -0
  103. package/lib/vendor/blamejs/examples/wiki/lib/auto-site-entries.js +139 -0
  104. package/lib/vendor/blamejs/examples/wiki/lib/build-app.js +555 -0
  105. package/lib/vendor/blamejs/examples/wiki/lib/harvest-cli.js +507 -0
  106. package/lib/vendor/blamejs/examples/wiki/lib/harvest-env-vars.js +435 -0
  107. package/lib/vendor/blamejs/examples/wiki/lib/harvest-errors.js +282 -0
  108. package/lib/vendor/blamejs/examples/wiki/lib/harvest-vendored-deps.js +321 -0
  109. package/lib/vendor/blamejs/examples/wiki/lib/nav.js +15 -0
  110. package/lib/vendor/blamejs/examples/wiki/lib/opts-resolver.js +75 -0
  111. package/lib/vendor/blamejs/examples/wiki/lib/page-generator.js +508 -0
  112. package/lib/vendor/blamejs/examples/wiki/lib/section.js +276 -0
  113. package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +587 -0
  114. package/lib/vendor/blamejs/examples/wiki/lib/source-doc-parser.js +318 -0
  115. package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +122 -0
  116. package/lib/vendor/blamejs/examples/wiki/migrations/0001-pages-schema.js +74 -0
  117. package/lib/vendor/blamejs/examples/wiki/package.json +18 -0
  118. package/lib/vendor/blamejs/examples/wiki/public/img/blamejs-logo.png +0 -0
  119. package/lib/vendor/blamejs/examples/wiki/public/img/blamejs-logo.svg +129 -0
  120. package/lib/vendor/blamejs/examples/wiki/public/robots.txt +5 -0
  121. package/lib/vendor/blamejs/examples/wiki/public/vendor/MANIFEST.json +30 -0
  122. package/lib/vendor/blamejs/examples/wiki/public/vendor/prism.css +1 -0
  123. package/lib/vendor/blamejs/examples/wiki/public/vendor/prism.js +15 -0
  124. package/lib/vendor/blamejs/examples/wiki/public/wiki.css +1250 -0
  125. package/lib/vendor/blamejs/examples/wiki/routes/admin.js +366 -0
  126. package/lib/vendor/blamejs/examples/wiki/routes/integration.js +230 -0
  127. package/lib/vendor/blamejs/examples/wiki/routes/pages.js +266 -0
  128. package/lib/vendor/blamejs/examples/wiki/scripts/backfill-module-metadata.js +214 -0
  129. package/lib/vendor/blamejs/examples/wiki/seeders/prod/0001-default-pages.js +35 -0
  130. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/_index.js +34 -0
  131. package/lib/vendor/blamejs/examples/wiki/seeders/prod/pages/api.js +76 -0
  132. package/lib/vendor/blamejs/examples/wiki/server.js +129 -0
  133. package/lib/vendor/blamejs/examples/wiki/site.config.js +197 -0
  134. package/lib/vendor/blamejs/examples/wiki/snippets/README.md +38 -0
  135. package/lib/vendor/blamejs/examples/wiki/snippets/auth/password-hash.example.js +15 -0
  136. package/lib/vendor/blamejs/examples/wiki/src/editor.js +103 -0
  137. package/lib/vendor/blamejs/examples/wiki/src/wiki.js +349 -0
  138. package/lib/vendor/blamejs/examples/wiki/test/AUDIT.md +155 -0
  139. package/lib/vendor/blamejs/examples/wiki/test/codebase-patterns.test.js +594 -0
  140. package/lib/vendor/blamejs/examples/wiki/test/e2e.js +741 -0
  141. package/lib/vendor/blamejs/examples/wiki/test/find-missing-pages.js +254 -0
  142. package/lib/vendor/blamejs/examples/wiki/test/integration.js +391 -0
  143. package/lib/vendor/blamejs/examples/wiki/test/validate-cli-snapshot.js +379 -0
  144. package/lib/vendor/blamejs/examples/wiki/test/validate-env-snapshot.js +346 -0
  145. package/lib/vendor/blamejs/examples/wiki/test/validate-nav-coverage.js +212 -0
  146. package/lib/vendor/blamejs/examples/wiki/test/validate-site-coverage.js +252 -0
  147. package/lib/vendor/blamejs/examples/wiki/test/validate-source-comment-blocks.js +107 -0
  148. package/lib/vendor/blamejs/examples/wiki/views/_layout.html +115 -0
  149. package/lib/vendor/blamejs/examples/wiki/views/admin/api-keys.html +51 -0
  150. package/lib/vendor/blamejs/examples/wiki/views/admin/dashboard.html +22 -0
  151. package/lib/vendor/blamejs/examples/wiki/views/admin/edit.html +17 -0
  152. package/lib/vendor/blamejs/examples/wiki/views/home.html +85 -0
  153. package/lib/vendor/blamejs/examples/wiki/views/login.html +18 -0
  154. package/lib/vendor/blamejs/examples/wiki/views/page.html +5 -0
  155. package/lib/vendor/blamejs/examples/wiki/views/partials/nav.html +13 -0
  156. package/lib/vendor/blamejs/examples/wiki/views/search.html +19 -0
  157. package/lib/vendor/blamejs/examples/wiki/wiki.config.js +15 -0
  158. package/lib/vendor/blamejs/fuzz/README.md +137 -0
  159. package/lib/vendor/blamejs/fuzz/_expected.js +35 -0
  160. package/lib/vendor/blamejs/fuzz/guard-agent-registry.fuzz.js +22 -0
  161. package/lib/vendor/blamejs/fuzz/guard-csv.fuzz.js +16 -0
  162. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/01-basic.csv +3 -0
  163. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/02-formula.csv +1 -0
  164. package/lib/vendor/blamejs/fuzz/guard-csv_seed_corpus/03-hyperlink.csv +1 -0
  165. package/lib/vendor/blamejs/fuzz/guard-dsn.fuzz.js +22 -0
  166. package/lib/vendor/blamejs/fuzz/guard-email.fuzz.js +16 -0
  167. package/lib/vendor/blamejs/fuzz/guard-email_seed_corpus/01-basic.eml +5 -0
  168. package/lib/vendor/blamejs/fuzz/guard-envelope.fuzz.js +24 -0
  169. package/lib/vendor/blamejs/fuzz/guard-event-bus-payload.fuzz.js +24 -0
  170. package/lib/vendor/blamejs/fuzz/guard-event-bus-topic.fuzz.js +20 -0
  171. package/lib/vendor/blamejs/fuzz/guard-html.fuzz.js +16 -0
  172. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/01-basic.html +1 -0
  173. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/02-script.html +1 -0
  174. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/03-event.html +1 -0
  175. package/lib/vendor/blamejs/fuzz/guard-html_seed_corpus/04-jsurl.html +1 -0
  176. package/lib/vendor/blamejs/fuzz/guard-idempotency-key.fuzz.js +20 -0
  177. package/lib/vendor/blamejs/fuzz/guard-imap-command.fuzz.js +35 -0
  178. package/lib/vendor/blamejs/fuzz/guard-jmap.fuzz.js +41 -0
  179. package/lib/vendor/blamejs/fuzz/guard-json.fuzz.js +16 -0
  180. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/01-basic.json +1 -0
  181. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/02-proto.json +1 -0
  182. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/03-dupkey.json +1 -0
  183. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/04-nan.json +1 -0
  184. package/lib/vendor/blamejs/fuzz/guard-json_seed_corpus/05-bom.json +1 -0
  185. package/lib/vendor/blamejs/fuzz/guard-list-id.fuzz.js +21 -0
  186. package/lib/vendor/blamejs/fuzz/guard-list-unsubscribe.fuzz.js +25 -0
  187. package/lib/vendor/blamejs/fuzz/guard-mail-compose.fuzz.js +22 -0
  188. package/lib/vendor/blamejs/fuzz/guard-mail-move.fuzz.js +22 -0
  189. package/lib/vendor/blamejs/fuzz/guard-mail-query.fuzz.js +27 -0
  190. package/lib/vendor/blamejs/fuzz/guard-mail-reply.fuzz.js +23 -0
  191. package/lib/vendor/blamejs/fuzz/guard-mail-sieve.fuzz.js +36 -0
  192. package/lib/vendor/blamejs/fuzz/guard-managesieve-command.fuzz.js +26 -0
  193. package/lib/vendor/blamejs/fuzz/guard-markdown.fuzz.js +16 -0
  194. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/01-basic.md +2 -0
  195. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/02-jsurl.md +1 -0
  196. package/lib/vendor/blamejs/fuzz/guard-markdown_seed_corpus/03-jsimg.md +1 -0
  197. package/lib/vendor/blamejs/fuzz/guard-message-id.fuzz.js +26 -0
  198. package/lib/vendor/blamejs/fuzz/guard-pop3-command.fuzz.js +23 -0
  199. package/lib/vendor/blamejs/fuzz/guard-posture-chain.fuzz.js +22 -0
  200. package/lib/vendor/blamejs/fuzz/guard-saga-config.fuzz.js +32 -0
  201. package/lib/vendor/blamejs/fuzz/guard-smtp-command.fuzz.js +27 -0
  202. package/lib/vendor/blamejs/fuzz/guard-snapshot-envelope.fuzz.js +22 -0
  203. package/lib/vendor/blamejs/fuzz/guard-stream-args.fuzz.js +22 -0
  204. package/lib/vendor/blamejs/fuzz/guard-svg.fuzz.js +16 -0
  205. package/lib/vendor/blamejs/fuzz/guard-svg_seed_corpus/01-basic.svg +1 -0
  206. package/lib/vendor/blamejs/fuzz/guard-svg_seed_corpus/02-script.svg +1 -0
  207. package/lib/vendor/blamejs/fuzz/guard-tenant-id.fuzz.js +20 -0
  208. package/lib/vendor/blamejs/fuzz/guard-trace-context.fuzz.js +30 -0
  209. package/lib/vendor/blamejs/fuzz/guard-xml.fuzz.js +16 -0
  210. package/lib/vendor/blamejs/fuzz/guard-xml_seed_corpus/01-basic.xml +1 -0
  211. package/lib/vendor/blamejs/fuzz/guard-xml_seed_corpus/02-xxe.xml +1 -0
  212. package/lib/vendor/blamejs/fuzz/guard-yaml.fuzz.js +16 -0
  213. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/01-basic.yaml +2 -0
  214. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/02-anchor.yaml +2 -0
  215. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/03-norway.yaml +1 -0
  216. package/lib/vendor/blamejs/fuzz/guard-yaml_seed_corpus/04-multidoc.yaml +4 -0
  217. package/lib/vendor/blamejs/fuzz/parsers__safe-ini.fuzz.js +16 -0
  218. package/lib/vendor/blamejs/fuzz/parsers__safe-ini_seed_corpus/01-basic.ini +2 -0
  219. package/lib/vendor/blamejs/fuzz/parsers__safe-toml.fuzz.js +16 -0
  220. package/lib/vendor/blamejs/fuzz/parsers__safe-toml_seed_corpus/01-basic.toml +4 -0
  221. package/lib/vendor/blamejs/fuzz/parsers__safe-xml.fuzz.js +16 -0
  222. package/lib/vendor/blamejs/fuzz/parsers__safe-xml_seed_corpus/01-basic.xml +1 -0
  223. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml.fuzz.js +16 -0
  224. package/lib/vendor/blamejs/fuzz/parsers__safe-yaml_seed_corpus/01-basic.yaml +4 -0
  225. package/lib/vendor/blamejs/fuzz/safe-decompress.fuzz.js +49 -0
  226. package/lib/vendor/blamejs/fuzz/safe-dns.fuzz.js +29 -0
  227. package/lib/vendor/blamejs/fuzz/safe-ical.fuzz.js +16 -0
  228. package/lib/vendor/blamejs/fuzz/safe-icap.fuzz.js +42 -0
  229. package/lib/vendor/blamejs/fuzz/safe-json.fuzz.js +25 -0
  230. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/01-object.txt +1 -0
  231. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/02-array.txt +1 -0
  232. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/03-string.txt +1 -0
  233. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/04-proto.txt +1 -0
  234. package/lib/vendor/blamejs/fuzz/safe-json_seed_corpus/05-deep.txt +1 -0
  235. package/lib/vendor/blamejs/fuzz/safe-jsonpath.fuzz.js +16 -0
  236. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/01-basic.txt +1 -0
  237. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/02-filter.txt +1 -0
  238. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/03-deepscan.txt +1 -0
  239. package/lib/vendor/blamejs/fuzz/safe-jsonpath_seed_corpus/04-slice.txt +1 -0
  240. package/lib/vendor/blamejs/fuzz/safe-mime.fuzz.js +27 -0
  241. package/lib/vendor/blamejs/fuzz/safe-mount-info.fuzz.js +33 -0
  242. package/lib/vendor/blamejs/fuzz/safe-sieve.fuzz.js +28 -0
  243. package/lib/vendor/blamejs/fuzz/safe-smtp.fuzz.js +64 -0
  244. package/lib/vendor/blamejs/fuzz/safe-url.fuzz.js +16 -0
  245. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/01-basic.txt +1 -0
  246. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/02-userinfo.txt +1 -0
  247. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/03-dangerous.txt +1 -0
  248. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/04-data.txt +1 -0
  249. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/05-ipv6.txt +1 -0
  250. package/lib/vendor/blamejs/fuzz/safe-url_seed_corpus/06-idn.txt +1 -0
  251. package/lib/vendor/blamejs/fuzz/safe-vcard.fuzz.js +16 -0
  252. package/lib/vendor/blamejs/index.js +678 -0
  253. package/lib/vendor/blamejs/keys/release-pqc-pub.json +7 -0
  254. package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +67 -0
  255. package/lib/vendor/blamejs/lib/a2a-tasks.js +598 -0
  256. package/lib/vendor/blamejs/lib/a2a.js +407 -0
  257. package/lib/vendor/blamejs/lib/acme.js +1448 -0
  258. package/lib/vendor/blamejs/lib/agent-audit.js +45 -0
  259. package/lib/vendor/blamejs/lib/agent-event-bus.js +382 -0
  260. package/lib/vendor/blamejs/lib/agent-idempotency.js +497 -0
  261. package/lib/vendor/blamejs/lib/agent-orchestrator.js +717 -0
  262. package/lib/vendor/blamejs/lib/agent-posture-chain.js +366 -0
  263. package/lib/vendor/blamejs/lib/agent-saga.js +321 -0
  264. package/lib/vendor/blamejs/lib/agent-snapshot.js +676 -0
  265. package/lib/vendor/blamejs/lib/agent-stream.js +269 -0
  266. package/lib/vendor/blamejs/lib/agent-tenant.js +632 -0
  267. package/lib/vendor/blamejs/lib/agent-trace.js +281 -0
  268. package/lib/vendor/blamejs/lib/ai-adverse-decision.js +184 -0
  269. package/lib/vendor/blamejs/lib/ai-content-detect.js +268 -0
  270. package/lib/vendor/blamejs/lib/ai-input.js +201 -0
  271. package/lib/vendor/blamejs/lib/ai-model-manifest.js +363 -0
  272. package/lib/vendor/blamejs/lib/ai-pref.js +340 -0
  273. package/lib/vendor/blamejs/lib/api-key.js +721 -0
  274. package/lib/vendor/blamejs/lib/api-snapshot.js +458 -0
  275. package/lib/vendor/blamejs/lib/app-shutdown.js +557 -0
  276. package/lib/vendor/blamejs/lib/app.js +365 -0
  277. package/lib/vendor/blamejs/lib/archive.js +547 -0
  278. package/lib/vendor/blamejs/lib/arg-parser.js +697 -0
  279. package/lib/vendor/blamejs/lib/argon2-builtin.js +173 -0
  280. package/lib/vendor/blamejs/lib/asn1-der.js +424 -0
  281. package/lib/vendor/blamejs/lib/asyncapi-bindings.js +160 -0
  282. package/lib/vendor/blamejs/lib/asyncapi-traits.js +143 -0
  283. package/lib/vendor/blamejs/lib/asyncapi.js +575 -0
  284. package/lib/vendor/blamejs/lib/atomic-file.js +1023 -0
  285. package/lib/vendor/blamejs/lib/audit-chain.js +266 -0
  286. package/lib/vendor/blamejs/lib/audit-daily-review.js +389 -0
  287. package/lib/vendor/blamejs/lib/audit-sign.js +751 -0
  288. package/lib/vendor/blamejs/lib/audit-tools.js +1113 -0
  289. package/lib/vendor/blamejs/lib/audit.js +1671 -0
  290. package/lib/vendor/blamejs/lib/auth/aal.js +169 -0
  291. package/lib/vendor/blamejs/lib/auth/access-lock.js +220 -0
  292. package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +265 -0
  293. package/lib/vendor/blamejs/lib/auth/ato-kill-switch.js +112 -0
  294. package/lib/vendor/blamejs/lib/auth/auth-time-tracker.js +111 -0
  295. package/lib/vendor/blamejs/lib/auth/bot-challenge.js +573 -0
  296. package/lib/vendor/blamejs/lib/auth/ciba.js +637 -0
  297. package/lib/vendor/blamejs/lib/auth/dpop.js +516 -0
  298. package/lib/vendor/blamejs/lib/auth/elevation-grant.js +306 -0
  299. package/lib/vendor/blamejs/lib/auth/fal.js +229 -0
  300. package/lib/vendor/blamejs/lib/auth/fido-mds3.js +681 -0
  301. package/lib/vendor/blamejs/lib/auth/jwt-external.js +519 -0
  302. package/lib/vendor/blamejs/lib/auth/jwt.js +430 -0
  303. package/lib/vendor/blamejs/lib/auth/lockout.js +449 -0
  304. package/lib/vendor/blamejs/lib/auth/oauth.js +2141 -0
  305. package/lib/vendor/blamejs/lib/auth/oid4vci.js +657 -0
  306. package/lib/vendor/blamejs/lib/auth/oid4vp.js +531 -0
  307. package/lib/vendor/blamejs/lib/auth/openid-federation.js +600 -0
  308. package/lib/vendor/blamejs/lib/auth/passkey.js +676 -0
  309. package/lib/vendor/blamejs/lib/auth/password.js +693 -0
  310. package/lib/vendor/blamejs/lib/auth/saml.js +2109 -0
  311. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +95 -0
  312. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +225 -0
  313. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +197 -0
  314. package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +728 -0
  315. package/lib/vendor/blamejs/lib/auth/status-list.js +272 -0
  316. package/lib/vendor/blamejs/lib/auth/step-up-policy.js +335 -0
  317. package/lib/vendor/blamejs/lib/auth/step-up.js +454 -0
  318. package/lib/vendor/blamejs/lib/auth-bot-challenge.js +505 -0
  319. package/lib/vendor/blamejs/lib/auth-header.js +148 -0
  320. package/lib/vendor/blamejs/lib/backup/bundle.js +265 -0
  321. package/lib/vendor/blamejs/lib/backup/crypto.js +176 -0
  322. package/lib/vendor/blamejs/lib/backup/index.js +1001 -0
  323. package/lib/vendor/blamejs/lib/backup/manifest.js +443 -0
  324. package/lib/vendor/blamejs/lib/boot-gates.js +174 -0
  325. package/lib/vendor/blamejs/lib/breach-deadline.js +272 -0
  326. package/lib/vendor/blamejs/lib/break-glass.js +1753 -0
  327. package/lib/vendor/blamejs/lib/budr.js +205 -0
  328. package/lib/vendor/blamejs/lib/bundler.js +461 -0
  329. package/lib/vendor/blamejs/lib/cache-redis.js +256 -0
  330. package/lib/vendor/blamejs/lib/cache-status.js +288 -0
  331. package/lib/vendor/blamejs/lib/cache.js +1331 -0
  332. package/lib/vendor/blamejs/lib/calendar.js +1240 -0
  333. package/lib/vendor/blamejs/lib/canonical-json.js +143 -0
  334. package/lib/vendor/blamejs/lib/cdn-cache-control.js +473 -0
  335. package/lib/vendor/blamejs/lib/cert.js +763 -0
  336. package/lib/vendor/blamejs/lib/chain-writer.js +259 -0
  337. package/lib/vendor/blamejs/lib/circuit-breaker.js +101 -0
  338. package/lib/vendor/blamejs/lib/cli-helpers.js +237 -0
  339. package/lib/vendor/blamejs/lib/cli.js +2328 -0
  340. package/lib/vendor/blamejs/lib/client-hints.js +318 -0
  341. package/lib/vendor/blamejs/lib/cloud-events.js +277 -0
  342. package/lib/vendor/blamejs/lib/cluster-provider-db.js +317 -0
  343. package/lib/vendor/blamejs/lib/cluster-storage.js +351 -0
  344. package/lib/vendor/blamejs/lib/cluster.js +1017 -0
  345. package/lib/vendor/blamejs/lib/cms-codec.js +826 -0
  346. package/lib/vendor/blamejs/lib/codepoint-class.js +262 -0
  347. package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +190 -0
  348. package/lib/vendor/blamejs/lib/compliance-ai-act-prohibited.js +205 -0
  349. package/lib/vendor/blamejs/lib/compliance-ai-act-risk.js +189 -0
  350. package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +200 -0
  351. package/lib/vendor/blamejs/lib/compliance-ai-act.js +821 -0
  352. package/lib/vendor/blamejs/lib/compliance-eaa.js +204 -0
  353. package/lib/vendor/blamejs/lib/compliance-sanctions-aliases.js +167 -0
  354. package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +206 -0
  355. package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +297 -0
  356. package/lib/vendor/blamejs/lib/compliance-sanctions.js +569 -0
  357. package/lib/vendor/blamejs/lib/compliance.js +1558 -0
  358. package/lib/vendor/blamejs/lib/config-drift.js +426 -0
  359. package/lib/vendor/blamejs/lib/config.js +446 -0
  360. package/lib/vendor/blamejs/lib/consent.js +369 -0
  361. package/lib/vendor/blamejs/lib/constants.js +209 -0
  362. package/lib/vendor/blamejs/lib/content-credentials.js +704 -0
  363. package/lib/vendor/blamejs/lib/cookies.js +560 -0
  364. package/lib/vendor/blamejs/lib/cra-report.js +299 -0
  365. package/lib/vendor/blamejs/lib/credential-hash.js +394 -0
  366. package/lib/vendor/blamejs/lib/crypto-field.js +1017 -0
  367. package/lib/vendor/blamejs/lib/crypto-hpke-pq.js +187 -0
  368. package/lib/vendor/blamejs/lib/crypto-hpke.js +256 -0
  369. package/lib/vendor/blamejs/lib/crypto.js +1908 -0
  370. package/lib/vendor/blamejs/lib/csp.js +271 -0
  371. package/lib/vendor/blamejs/lib/csv.js +418 -0
  372. package/lib/vendor/blamejs/lib/daemon.js +481 -0
  373. package/lib/vendor/blamejs/lib/dark-patterns.js +488 -0
  374. package/lib/vendor/blamejs/lib/data-act.js +328 -0
  375. package/lib/vendor/blamejs/lib/db-collection.js +587 -0
  376. package/lib/vendor/blamejs/lib/db-declare-row-policy.js +267 -0
  377. package/lib/vendor/blamejs/lib/db-declare-view.js +420 -0
  378. package/lib/vendor/blamejs/lib/db-file-lifecycle.js +333 -0
  379. package/lib/vendor/blamejs/lib/db-query.js +802 -0
  380. package/lib/vendor/blamejs/lib/db-role-context.js +50 -0
  381. package/lib/vendor/blamejs/lib/db-schema.js +322 -0
  382. package/lib/vendor/blamejs/lib/db.js +3111 -0
  383. package/lib/vendor/blamejs/lib/dbsc.js +299 -0
  384. package/lib/vendor/blamejs/lib/ddl-change-control.js +523 -0
  385. package/lib/vendor/blamejs/lib/deprecate.js +377 -0
  386. package/lib/vendor/blamejs/lib/dev.js +405 -0
  387. package/lib/vendor/blamejs/lib/dora.js +402 -0
  388. package/lib/vendor/blamejs/lib/dr-runbook.js +368 -0
  389. package/lib/vendor/blamejs/lib/dsr.js +1188 -0
  390. package/lib/vendor/blamejs/lib/dual-control.js +526 -0
  391. package/lib/vendor/blamejs/lib/early-hints.js +212 -0
  392. package/lib/vendor/blamejs/lib/error-page.js +420 -0
  393. package/lib/vendor/blamejs/lib/events.js +214 -0
  394. package/lib/vendor/blamejs/lib/external-db-migrate.js +659 -0
  395. package/lib/vendor/blamejs/lib/external-db.js +1877 -0
  396. package/lib/vendor/blamejs/lib/fapi2.js +394 -0
  397. package/lib/vendor/blamejs/lib/fda-21cfr11.js +395 -0
  398. package/lib/vendor/blamejs/lib/fdx.js +370 -0
  399. package/lib/vendor/blamejs/lib/fedcm.js +264 -0
  400. package/lib/vendor/blamejs/lib/file-type.js +360 -0
  401. package/lib/vendor/blamejs/lib/file-upload.js +1256 -0
  402. package/lib/vendor/blamejs/lib/flag-cache.js +136 -0
  403. package/lib/vendor/blamejs/lib/flag-evaluation-context.js +135 -0
  404. package/lib/vendor/blamejs/lib/flag-providers.js +279 -0
  405. package/lib/vendor/blamejs/lib/flag-targeting.js +210 -0
  406. package/lib/vendor/blamejs/lib/flag.js +346 -0
  407. package/lib/vendor/blamejs/lib/forms.js +525 -0
  408. package/lib/vendor/blamejs/lib/framework-error.js +724 -0
  409. package/lib/vendor/blamejs/lib/framework-schema.js +845 -0
  410. package/lib/vendor/blamejs/lib/framework-sha1-hibp.js +34 -0
  411. package/lib/vendor/blamejs/lib/fsm.js +469 -0
  412. package/lib/vendor/blamejs/lib/gate-contract.js +1661 -0
  413. package/lib/vendor/blamejs/lib/gdpr-ropa.js +261 -0
  414. package/lib/vendor/blamejs/lib/graphql-federation.js +234 -0
  415. package/lib/vendor/blamejs/lib/guard-agent-registry.js +179 -0
  416. package/lib/vendor/blamejs/lib/guard-all.js +555 -0
  417. package/lib/vendor/blamejs/lib/guard-archive.js +901 -0
  418. package/lib/vendor/blamejs/lib/guard-auth.js +451 -0
  419. package/lib/vendor/blamejs/lib/guard-cidr.js +676 -0
  420. package/lib/vendor/blamejs/lib/guard-csv.js +1176 -0
  421. package/lib/vendor/blamejs/lib/guard-domain.js +814 -0
  422. package/lib/vendor/blamejs/lib/guard-dsn.js +382 -0
  423. package/lib/vendor/blamejs/lib/guard-email.js +951 -0
  424. package/lib/vendor/blamejs/lib/guard-envelope.js +294 -0
  425. package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +217 -0
  426. package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +150 -0
  427. package/lib/vendor/blamejs/lib/guard-filename.js +956 -0
  428. package/lib/vendor/blamejs/lib/guard-graphql.js +731 -0
  429. package/lib/vendor/blamejs/lib/guard-html-wcag-aria.js +164 -0
  430. package/lib/vendor/blamejs/lib/guard-html-wcag-forms.js +144 -0
  431. package/lib/vendor/blamejs/lib/guard-html-wcag-tables.js +154 -0
  432. package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +44 -0
  433. package/lib/vendor/blamejs/lib/guard-html-wcag.js +470 -0
  434. package/lib/vendor/blamejs/lib/guard-html.js +1209 -0
  435. package/lib/vendor/blamejs/lib/guard-idempotency-key.js +151 -0
  436. package/lib/vendor/blamejs/lib/guard-image.js +584 -0
  437. package/lib/vendor/blamejs/lib/guard-imap-command.js +337 -0
  438. package/lib/vendor/blamejs/lib/guard-jmap.js +321 -0
  439. package/lib/vendor/blamejs/lib/guard-json.js +935 -0
  440. package/lib/vendor/blamejs/lib/guard-jsonpath.js +512 -0
  441. package/lib/vendor/blamejs/lib/guard-jwt.js +772 -0
  442. package/lib/vendor/blamejs/lib/guard-list-id.js +318 -0
  443. package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +412 -0
  444. package/lib/vendor/blamejs/lib/guard-mail-compose.js +282 -0
  445. package/lib/vendor/blamejs/lib/guard-mail-move.js +202 -0
  446. package/lib/vendor/blamejs/lib/guard-mail-query.js +310 -0
  447. package/lib/vendor/blamejs/lib/guard-mail-reply.js +172 -0
  448. package/lib/vendor/blamejs/lib/guard-mail-sieve.js +207 -0
  449. package/lib/vendor/blamejs/lib/guard-managesieve-command.js +566 -0
  450. package/lib/vendor/blamejs/lib/guard-markdown.js +768 -0
  451. package/lib/vendor/blamejs/lib/guard-message-id.js +267 -0
  452. package/lib/vendor/blamejs/lib/guard-mime.js +609 -0
  453. package/lib/vendor/blamejs/lib/guard-oauth.js +650 -0
  454. package/lib/vendor/blamejs/lib/guard-pdf.js +569 -0
  455. package/lib/vendor/blamejs/lib/guard-pop3-command.js +317 -0
  456. package/lib/vendor/blamejs/lib/guard-posture-chain.js +201 -0
  457. package/lib/vendor/blamejs/lib/guard-regex.js +632 -0
  458. package/lib/vendor/blamejs/lib/guard-saga-config.js +157 -0
  459. package/lib/vendor/blamejs/lib/guard-shell.js +522 -0
  460. package/lib/vendor/blamejs/lib/guard-smtp-command.js +594 -0
  461. package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +168 -0
  462. package/lib/vendor/blamejs/lib/guard-stream-args.js +166 -0
  463. package/lib/vendor/blamejs/lib/guard-svg.js +1163 -0
  464. package/lib/vendor/blamejs/lib/guard-template.js +490 -0
  465. package/lib/vendor/blamejs/lib/guard-tenant-id.js +138 -0
  466. package/lib/vendor/blamejs/lib/guard-time.js +586 -0
  467. package/lib/vendor/blamejs/lib/guard-trace-context.js +172 -0
  468. package/lib/vendor/blamejs/lib/guard-uuid.js +548 -0
  469. package/lib/vendor/blamejs/lib/guard-xml.js +666 -0
  470. package/lib/vendor/blamejs/lib/guard-yaml.js +726 -0
  471. package/lib/vendor/blamejs/lib/hal.js +125 -0
  472. package/lib/vendor/blamejs/lib/handlers.js +350 -0
  473. package/lib/vendor/blamejs/lib/honeytoken.js +168 -0
  474. package/lib/vendor/blamejs/lib/html-balance.js +347 -0
  475. package/lib/vendor/blamejs/lib/http-client-cache.js +923 -0
  476. package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +519 -0
  477. package/lib/vendor/blamejs/lib/http-client.js +2152 -0
  478. package/lib/vendor/blamejs/lib/http-message-signature.js +589 -0
  479. package/lib/vendor/blamejs/lib/http2-teardown.js +34 -0
  480. package/lib/vendor/blamejs/lib/i18n-messageformat.js +398 -0
  481. package/lib/vendor/blamejs/lib/i18n.js +931 -0
  482. package/lib/vendor/blamejs/lib/iab-mspa.js +257 -0
  483. package/lib/vendor/blamejs/lib/iab-tcf.js +461 -0
  484. package/lib/vendor/blamejs/lib/importmap-integrity.js +90 -0
  485. package/lib/vendor/blamejs/lib/inbox.js +435 -0
  486. package/lib/vendor/blamejs/lib/incident-report.js +314 -0
  487. package/lib/vendor/blamejs/lib/ip-utils.js +102 -0
  488. package/lib/vendor/blamejs/lib/jobs.js +185 -0
  489. package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +228 -0
  490. package/lib/vendor/blamejs/lib/jsonapi.js +230 -0
  491. package/lib/vendor/blamejs/lib/keychain.js +865 -0
  492. package/lib/vendor/blamejs/lib/lazy-require.js +48 -0
  493. package/lib/vendor/blamejs/lib/legal-hold.js +374 -0
  494. package/lib/vendor/blamejs/lib/local-db-thin.js +321 -0
  495. package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +369 -0
  496. package/lib/vendor/blamejs/lib/log-stream-local.js +146 -0
  497. package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +410 -0
  498. package/lib/vendor/blamejs/lib/log-stream-otlp.js +286 -0
  499. package/lib/vendor/blamejs/lib/log-stream-syslog.js +310 -0
  500. package/lib/vendor/blamejs/lib/log-stream-webhook.js +199 -0
  501. package/lib/vendor/blamejs/lib/log-stream.js +584 -0
  502. package/lib/vendor/blamejs/lib/log.js +625 -0
  503. package/lib/vendor/blamejs/lib/lro.js +200 -0
  504. package/lib/vendor/blamejs/lib/mail-agent.js +786 -0
  505. package/lib/vendor/blamejs/lib/mail-arc-sign.js +417 -0
  506. package/lib/vendor/blamejs/lib/mail-arf.js +343 -0
  507. package/lib/vendor/blamejs/lib/mail-auth.js +2144 -0
  508. package/lib/vendor/blamejs/lib/mail-bimi.js +1047 -0
  509. package/lib/vendor/blamejs/lib/mail-bounce.js +955 -0
  510. package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +1286 -0
  511. package/lib/vendor/blamejs/lib/mail-crypto-smime.js +789 -0
  512. package/lib/vendor/blamejs/lib/mail-crypto.js +108 -0
  513. package/lib/vendor/blamejs/lib/mail-dav.js +1224 -0
  514. package/lib/vendor/blamejs/lib/mail-deploy.js +1119 -0
  515. package/lib/vendor/blamejs/lib/mail-dkim.js +1250 -0
  516. package/lib/vendor/blamejs/lib/mail-greylist.js +448 -0
  517. package/lib/vendor/blamejs/lib/mail-helo.js +473 -0
  518. package/lib/vendor/blamejs/lib/mail-journal.js +435 -0
  519. package/lib/vendor/blamejs/lib/mail-mdn.js +424 -0
  520. package/lib/vendor/blamejs/lib/mail-rbl.js +392 -0
  521. package/lib/vendor/blamejs/lib/mail-require-tls.js +198 -0
  522. package/lib/vendor/blamejs/lib/mail-scan.js +502 -0
  523. package/lib/vendor/blamejs/lib/mail-send-deliver.js +629 -0
  524. package/lib/vendor/blamejs/lib/mail-server-imap.js +1858 -0
  525. package/lib/vendor/blamejs/lib/mail-server-jmap.js +1565 -0
  526. package/lib/vendor/blamejs/lib/mail-server-managesieve.js +908 -0
  527. package/lib/vendor/blamejs/lib/mail-server-mx.js +969 -0
  528. package/lib/vendor/blamejs/lib/mail-server-pop3.js +915 -0
  529. package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +315 -0
  530. package/lib/vendor/blamejs/lib/mail-server-registry.js +378 -0
  531. package/lib/vendor/blamejs/lib/mail-server-submission.js +1396 -0
  532. package/lib/vendor/blamejs/lib/mail-server-tls.js +445 -0
  533. package/lib/vendor/blamejs/lib/mail-sieve.js +557 -0
  534. package/lib/vendor/blamejs/lib/mail-spam-score.js +284 -0
  535. package/lib/vendor/blamejs/lib/mail-srs.js +248 -0
  536. package/lib/vendor/blamejs/lib/mail-store-fts.js +394 -0
  537. package/lib/vendor/blamejs/lib/mail-store.js +929 -0
  538. package/lib/vendor/blamejs/lib/mail-unsubscribe.js +400 -0
  539. package/lib/vendor/blamejs/lib/mail.js +1971 -0
  540. package/lib/vendor/blamejs/lib/mcp-tool-registry.js +473 -0
  541. package/lib/vendor/blamejs/lib/mcp.js +950 -0
  542. package/lib/vendor/blamejs/lib/metrics.js +1503 -0
  543. package/lib/vendor/blamejs/lib/middleware/age-gate.js +177 -0
  544. package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +203 -0
  545. package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +981 -0
  546. package/lib/vendor/blamejs/lib/middleware/assetlinks.js +137 -0
  547. package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +171 -0
  548. package/lib/vendor/blamejs/lib/middleware/attach-user.js +220 -0
  549. package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +293 -0
  550. package/lib/vendor/blamejs/lib/middleware/body-parser.js +1519 -0
  551. package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +183 -0
  552. package/lib/vendor/blamejs/lib/middleware/bot-guard.js +217 -0
  553. package/lib/vendor/blamejs/lib/middleware/clear-site-data.js +122 -0
  554. package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +355 -0
  555. package/lib/vendor/blamejs/lib/middleware/compression.js +489 -0
  556. package/lib/vendor/blamejs/lib/middleware/cookies.js +130 -0
  557. package/lib/vendor/blamejs/lib/middleware/cors.js +386 -0
  558. package/lib/vendor/blamejs/lib/middleware/csp-nonce.js +388 -0
  559. package/lib/vendor/blamejs/lib/middleware/csp-report.js +167 -0
  560. package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +499 -0
  561. package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +243 -0
  562. package/lib/vendor/blamejs/lib/middleware/db-role-for.js +304 -0
  563. package/lib/vendor/blamejs/lib/middleware/dpop.js +402 -0
  564. package/lib/vendor/blamejs/lib/middleware/error-handler.js +69 -0
  565. package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +168 -0
  566. package/lib/vendor/blamejs/lib/middleware/flag-context.js +110 -0
  567. package/lib/vendor/blamejs/lib/middleware/gpc.js +153 -0
  568. package/lib/vendor/blamejs/lib/middleware/headers.js +242 -0
  569. package/lib/vendor/blamejs/lib/middleware/health.js +438 -0
  570. package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +189 -0
  571. package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +964 -0
  572. package/lib/vendor/blamejs/lib/middleware/index.js +183 -0
  573. package/lib/vendor/blamejs/lib/middleware/nel.js +214 -0
  574. package/lib/vendor/blamejs/lib/middleware/network-allowlist.js +237 -0
  575. package/lib/vendor/blamejs/lib/middleware/no-cache.js +106 -0
  576. package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +177 -0
  577. package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +277 -0
  578. package/lib/vendor/blamejs/lib/middleware/rate-limit.js +556 -0
  579. package/lib/vendor/blamejs/lib/middleware/request-id.js +79 -0
  580. package/lib/vendor/blamejs/lib/middleware/request-log.js +205 -0
  581. package/lib/vendor/blamejs/lib/middleware/require-aal.js +138 -0
  582. package/lib/vendor/blamejs/lib/middleware/require-auth.js +144 -0
  583. package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +290 -0
  584. package/lib/vendor/blamejs/lib/middleware/require-content-type.js +113 -0
  585. package/lib/vendor/blamejs/lib/middleware/require-methods.js +97 -0
  586. package/lib/vendor/blamejs/lib/middleware/require-mtls.js +212 -0
  587. package/lib/vendor/blamejs/lib/middleware/require-step-up.js +226 -0
  588. package/lib/vendor/blamejs/lib/middleware/scim-server.js +375 -0
  589. package/lib/vendor/blamejs/lib/middleware/security-headers.js +285 -0
  590. package/lib/vendor/blamejs/lib/middleware/security-txt.js +170 -0
  591. package/lib/vendor/blamejs/lib/middleware/span-http-server.js +280 -0
  592. package/lib/vendor/blamejs/lib/middleware/speculation-rules.js +323 -0
  593. package/lib/vendor/blamejs/lib/middleware/sse.js +200 -0
  594. package/lib/vendor/blamejs/lib/middleware/trace-log-correlation.js +167 -0
  595. package/lib/vendor/blamejs/lib/middleware/trace-propagate.js +148 -0
  596. package/lib/vendor/blamejs/lib/middleware/tus-upload.js +749 -0
  597. package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +164 -0
  598. package/lib/vendor/blamejs/lib/migration-files.js +37 -0
  599. package/lib/vendor/blamejs/lib/migrations.js +385 -0
  600. package/lib/vendor/blamejs/lib/mime-parse.js +198 -0
  601. package/lib/vendor/blamejs/lib/money.js +699 -0
  602. package/lib/vendor/blamejs/lib/mtls-ca.js +572 -0
  603. package/lib/vendor/blamejs/lib/mtls-engine-default.js +501 -0
  604. package/lib/vendor/blamejs/lib/network-byte-quota.js +308 -0
  605. package/lib/vendor/blamejs/lib/network-dns-resolver.js +533 -0
  606. package/lib/vendor/blamejs/lib/network-dns.js +1930 -0
  607. package/lib/vendor/blamejs/lib/network-heartbeat.js +425 -0
  608. package/lib/vendor/blamejs/lib/network-nts.js +574 -0
  609. package/lib/vendor/blamejs/lib/network-proxy.js +265 -0
  610. package/lib/vendor/blamejs/lib/network-smtp-policy.js +836 -0
  611. package/lib/vendor/blamejs/lib/network-tls.js +3126 -0
  612. package/lib/vendor/blamejs/lib/network.js +346 -0
  613. package/lib/vendor/blamejs/lib/nis2-report.js +181 -0
  614. package/lib/vendor/blamejs/lib/nist-crosswalk.js +293 -0
  615. package/lib/vendor/blamejs/lib/nonce-store.js +177 -0
  616. package/lib/vendor/blamejs/lib/notify.js +683 -0
  617. package/lib/vendor/blamejs/lib/ntp-check.js +458 -0
  618. package/lib/vendor/blamejs/lib/numeric-bounds.js +111 -0
  619. package/lib/vendor/blamejs/lib/numeric-checks.js +40 -0
  620. package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +349 -0
  621. package/lib/vendor/blamejs/lib/object-store/azure-blob.js +488 -0
  622. package/lib/vendor/blamejs/lib/object-store/gcs-bucket-ops.js +351 -0
  623. package/lib/vendor/blamejs/lib/object-store/gcs.js +515 -0
  624. package/lib/vendor/blamejs/lib/object-store/http-put.js +153 -0
  625. package/lib/vendor/blamejs/lib/object-store/http-request.js +38 -0
  626. package/lib/vendor/blamejs/lib/object-store/index.js +197 -0
  627. package/lib/vendor/blamejs/lib/object-store/local.js +163 -0
  628. package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +1133 -0
  629. package/lib/vendor/blamejs/lib/object-store/sigv4.js +957 -0
  630. package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +420 -0
  631. package/lib/vendor/blamejs/lib/observability-tracer.js +395 -0
  632. package/lib/vendor/blamejs/lib/observability.js +720 -0
  633. package/lib/vendor/blamejs/lib/openapi-paths-builder.js +248 -0
  634. package/lib/vendor/blamejs/lib/openapi-schema-walk.js +192 -0
  635. package/lib/vendor/blamejs/lib/openapi-security.js +169 -0
  636. package/lib/vendor/blamejs/lib/openapi-yaml.js +154 -0
  637. package/lib/vendor/blamejs/lib/openapi.js +489 -0
  638. package/lib/vendor/blamejs/lib/otel-export.js +278 -0
  639. package/lib/vendor/blamejs/lib/outbox.js +547 -0
  640. package/lib/vendor/blamejs/lib/pagination.js +542 -0
  641. package/lib/vendor/blamejs/lib/parsers/index.js +91 -0
  642. package/lib/vendor/blamejs/lib/parsers/safe-env.js +642 -0
  643. package/lib/vendor/blamejs/lib/parsers/safe-ini.js +293 -0
  644. package/lib/vendor/blamejs/lib/parsers/safe-toml.js +784 -0
  645. package/lib/vendor/blamejs/lib/parsers/safe-xml.js +390 -0
  646. package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +1015 -0
  647. package/lib/vendor/blamejs/lib/permissions.js +793 -0
  648. package/lib/vendor/blamejs/lib/pick.js +105 -0
  649. package/lib/vendor/blamejs/lib/pqc-agent.js +351 -0
  650. package/lib/vendor/blamejs/lib/pqc-gate.js +279 -0
  651. package/lib/vendor/blamejs/lib/pqc-software.js +271 -0
  652. package/lib/vendor/blamejs/lib/problem-details.js +482 -0
  653. package/lib/vendor/blamejs/lib/process-spawn.js +196 -0
  654. package/lib/vendor/blamejs/lib/promise-pool.js +162 -0
  655. package/lib/vendor/blamejs/lib/protobuf-encoder.js +190 -0
  656. package/lib/vendor/blamejs/lib/protocol-dispatcher.js +161 -0
  657. package/lib/vendor/blamejs/lib/public-suffix.js +403 -0
  658. package/lib/vendor/blamejs/lib/pubsub-cluster.js +154 -0
  659. package/lib/vendor/blamejs/lib/pubsub-redis.js +167 -0
  660. package/lib/vendor/blamejs/lib/pubsub.js +463 -0
  661. package/lib/vendor/blamejs/lib/queue-local.js +476 -0
  662. package/lib/vendor/blamejs/lib/queue-redis.js +745 -0
  663. package/lib/vendor/blamejs/lib/queue-sqs.js +319 -0
  664. package/lib/vendor/blamejs/lib/queue.js +1016 -0
  665. package/lib/vendor/blamejs/lib/redact.js +1007 -0
  666. package/lib/vendor/blamejs/lib/redis-client.js +520 -0
  667. package/lib/vendor/blamejs/lib/render.js +285 -0
  668. package/lib/vendor/blamejs/lib/request-helpers.js +767 -0
  669. package/lib/vendor/blamejs/lib/resource-access-lock.js +116 -0
  670. package/lib/vendor/blamejs/lib/restore-bundle.js +340 -0
  671. package/lib/vendor/blamejs/lib/restore-rollback.js +365 -0
  672. package/lib/vendor/blamejs/lib/restore.js +409 -0
  673. package/lib/vendor/blamejs/lib/retention.js +640 -0
  674. package/lib/vendor/blamejs/lib/retry.js +523 -0
  675. package/lib/vendor/blamejs/lib/router.js +1289 -0
  676. package/lib/vendor/blamejs/lib/safe-async.js +1184 -0
  677. package/lib/vendor/blamejs/lib/safe-buffer.js +562 -0
  678. package/lib/vendor/blamejs/lib/safe-decompress.js +297 -0
  679. package/lib/vendor/blamejs/lib/safe-dns.js +665 -0
  680. package/lib/vendor/blamejs/lib/safe-ical.js +634 -0
  681. package/lib/vendor/blamejs/lib/safe-icap.js +502 -0
  682. package/lib/vendor/blamejs/lib/safe-json.js +946 -0
  683. package/lib/vendor/blamejs/lib/safe-jsonpath.js +285 -0
  684. package/lib/vendor/blamejs/lib/safe-mime.js +831 -0
  685. package/lib/vendor/blamejs/lib/safe-mount-info.js +306 -0
  686. package/lib/vendor/blamejs/lib/safe-path.js +254 -0
  687. package/lib/vendor/blamejs/lib/safe-redirect.js +106 -0
  688. package/lib/vendor/blamejs/lib/safe-schema.js +1810 -0
  689. package/lib/vendor/blamejs/lib/safe-sieve.js +684 -0
  690. package/lib/vendor/blamejs/lib/safe-smtp.js +185 -0
  691. package/lib/vendor/blamejs/lib/safe-sql.js +363 -0
  692. package/lib/vendor/blamejs/lib/safe-url.js +428 -0
  693. package/lib/vendor/blamejs/lib/safe-vcard.js +473 -0
  694. package/lib/vendor/blamejs/lib/sandbox-worker.js +135 -0
  695. package/lib/vendor/blamejs/lib/sandbox.js +358 -0
  696. package/lib/vendor/blamejs/lib/scheduler.js +827 -0
  697. package/lib/vendor/blamejs/lib/sd-notify.js +269 -0
  698. package/lib/vendor/blamejs/lib/sec-cyber.js +214 -0
  699. package/lib/vendor/blamejs/lib/security-assert.js +395 -0
  700. package/lib/vendor/blamejs/lib/seeders.js +620 -0
  701. package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +309 -0
  702. package/lib/vendor/blamejs/lib/self-update.js +804 -0
  703. package/lib/vendor/blamejs/lib/server-timing.js +174 -0
  704. package/lib/vendor/blamejs/lib/session-device-binding.js +431 -0
  705. package/lib/vendor/blamejs/lib/session-stores.js +138 -0
  706. package/lib/vendor/blamejs/lib/session.js +1162 -0
  707. package/lib/vendor/blamejs/lib/slug.js +381 -0
  708. package/lib/vendor/blamejs/lib/sse.js +349 -0
  709. package/lib/vendor/blamejs/lib/ssrf-guard.js +792 -0
  710. package/lib/vendor/blamejs/lib/standard-webhooks.js +183 -0
  711. package/lib/vendor/blamejs/lib/static.js +1249 -0
  712. package/lib/vendor/blamejs/lib/storage.js +1272 -0
  713. package/lib/vendor/blamejs/lib/stream-throttle.js +235 -0
  714. package/lib/vendor/blamejs/lib/structured-fields.js +244 -0
  715. package/lib/vendor/blamejs/lib/subject.js +667 -0
  716. package/lib/vendor/blamejs/lib/tcpa-10dlc.js +175 -0
  717. package/lib/vendor/blamejs/lib/template.js +931 -0
  718. package/lib/vendor/blamejs/lib/tenant-quota.js +545 -0
  719. package/lib/vendor/blamejs/lib/test-harness.js +275 -0
  720. package/lib/vendor/blamejs/lib/testing.js +1185 -0
  721. package/lib/vendor/blamejs/lib/time.js +578 -0
  722. package/lib/vendor/blamejs/lib/tls-exporter.js +239 -0
  723. package/lib/vendor/blamejs/lib/totp.js +318 -0
  724. package/lib/vendor/blamejs/lib/tracing.js +546 -0
  725. package/lib/vendor/blamejs/lib/uuid.js +207 -0
  726. package/lib/vendor/blamejs/lib/validate-opts.js +381 -0
  727. package/lib/vendor/blamejs/lib/vault/index.js +638 -0
  728. package/lib/vendor/blamejs/lib/vault/passphrase-ops.js +311 -0
  729. package/lib/vendor/blamejs/lib/vault/passphrase-source.js +198 -0
  730. package/lib/vendor/blamejs/lib/vault/rotate.js +803 -0
  731. package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +471 -0
  732. package/lib/vendor/blamejs/lib/vault/wrap.js +296 -0
  733. package/lib/vendor/blamejs/lib/vault-aad.js +259 -0
  734. package/lib/vendor/blamejs/lib/vendor/.vendor-data-pubkey +4 -0
  735. package/lib/vendor/blamejs/lib/vendor/MANIFEST.json +161 -0
  736. package/lib/vendor/blamejs/lib/vendor/bimi-trust-anchors.data.js +68 -0
  737. package/lib/vendor/blamejs/lib/vendor/bimi-trust-anchors.pem +33 -0
  738. package/lib/vendor/blamejs/lib/vendor/common-passwords-top-10000.data.js +1325 -0
  739. package/lib/vendor/blamejs/lib/vendor/common-passwords-top-10000.txt +10002 -0
  740. package/lib/vendor/blamejs/lib/vendor/noble-ciphers.cjs +9 -0
  741. package/lib/vendor/blamejs/lib/vendor/noble-post-quantum.cjs +18 -0
  742. package/lib/vendor/blamejs/lib/vendor/pki.cjs +181 -0
  743. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.dat +16382 -0
  744. package/lib/vendor/blamejs/lib/vendor/public-suffix-list.data.js +5881 -0
  745. package/lib/vendor/blamejs/lib/vendor/simplewebauthn-server.cjs +328 -0
  746. package/lib/vendor/blamejs/lib/vendor/vendor-data-pubkey.js +16 -0
  747. package/lib/vendor/blamejs/lib/vendor-data.js +520 -0
  748. package/lib/vendor/blamejs/lib/vex.js +630 -0
  749. package/lib/vendor/blamejs/lib/watcher.js +608 -0
  750. package/lib/vendor/blamejs/lib/web-push-vapid.js +322 -0
  751. package/lib/vendor/blamejs/lib/webhook.js +977 -0
  752. package/lib/vendor/blamejs/lib/websocket-channels.js +327 -0
  753. package/lib/vendor/blamejs/lib/websocket.js +1561 -0
  754. package/lib/vendor/blamejs/lib/wiki-concepts.js +338 -0
  755. package/lib/vendor/blamejs/lib/worker-pool.js +464 -0
  756. package/lib/vendor/blamejs/lib/ws-client.js +978 -0
  757. package/lib/vendor/blamejs/lib/xml-c14n.js +506 -0
  758. package/lib/vendor/blamejs/memory/specs/node-26-map-getorinsert-migration.md +164 -0
  759. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/Dockerfile +19 -0
  760. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/README.md +88 -0
  761. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/build.sh +26 -0
  762. package/lib/vendor/blamejs/oss-fuzz/projects/blamejs/project.yaml +28 -0
  763. package/lib/vendor/blamejs/package.json +81 -0
  764. package/lib/vendor/blamejs/release-notes/v0.0.x.json +310 -0
  765. package/lib/vendor/blamejs/release-notes/v0.1.x.json +1798 -0
  766. package/lib/vendor/blamejs/release-notes/v0.10.x.json +1288 -0
  767. package/lib/vendor/blamejs/release-notes/v0.11.x.json +2551 -0
  768. package/lib/vendor/blamejs/release-notes/v0.12.0.json +64 -0
  769. package/lib/vendor/blamejs/release-notes/v0.12.1.json +32 -0
  770. package/lib/vendor/blamejs/release-notes/v0.12.2.json +45 -0
  771. package/lib/vendor/blamejs/release-notes/v0.2.x.json +706 -0
  772. package/lib/vendor/blamejs/release-notes/v0.3.x.json +786 -0
  773. package/lib/vendor/blamejs/release-notes/v0.4.x.json +588 -0
  774. package/lib/vendor/blamejs/release-notes/v0.5.x.json +390 -0
  775. package/lib/vendor/blamejs/release-notes/v0.6.x.json +1947 -0
  776. package/lib/vendor/blamejs/release-notes/v0.7.x.json +3811 -0
  777. package/lib/vendor/blamejs/release-notes/v0.8.x.json +3318 -0
  778. package/lib/vendor/blamejs/release-notes/v0.9.x.json +2257 -0
  779. package/lib/vendor/blamejs/scripts/build-vendored-sbom.js +325 -0
  780. package/lib/vendor/blamejs/scripts/check-api-snapshot.js +62 -0
  781. package/lib/vendor/blamejs/scripts/check-changelog-extract.js +108 -0
  782. package/lib/vendor/blamejs/scripts/check-pack-against-gitignore.js +83 -0
  783. package/lib/vendor/blamejs/scripts/check-services.js +483 -0
  784. package/lib/vendor/blamejs/scripts/check-vendor-currency.js +349 -0
  785. package/lib/vendor/blamejs/scripts/consolidate-release-notes.js +216 -0
  786. package/lib/vendor/blamejs/scripts/gen-migrating.js +275 -0
  787. package/lib/vendor/blamejs/scripts/generate-changelog-entry.js +577 -0
  788. package/lib/vendor/blamejs/scripts/generate-release-signing-key.js +79 -0
  789. package/lib/vendor/blamejs/scripts/publish-dep-confusion-placeholder.sh +101 -0
  790. package/lib/vendor/blamejs/scripts/refresh-api-snapshot.js +31 -0
  791. package/lib/vendor/blamejs/scripts/refresh-vendor-manifest.js +132 -0
  792. package/lib/vendor/blamejs/scripts/release.js +652 -0
  793. package/lib/vendor/blamejs/scripts/sha3-digest.js +62 -0
  794. package/lib/vendor/blamejs/scripts/sign-release-artifact.js +92 -0
  795. package/lib/vendor/blamejs/scripts/test-integration.js +181 -0
  796. package/lib/vendor/blamejs/scripts/test-wiki-integration.js +126 -0
  797. package/lib/vendor/blamejs/scripts/validate-source-comment-blocks.js +77 -0
  798. package/lib/vendor/blamejs/scripts/vendor-data-gen.js +186 -0
  799. package/lib/vendor/blamejs/scripts/vendor-data-keygen.js +101 -0
  800. package/lib/vendor/blamejs/scripts/vendor-update.sh +278 -0
  801. package/lib/vendor/blamejs/test/00-primitives.js +19075 -0
  802. package/lib/vendor/blamejs/test/10-state.js +622 -0
  803. package/lib/vendor/blamejs/test/20-db.js +561 -0
  804. package/lib/vendor/blamejs/test/30-chain.js +2110 -0
  805. package/lib/vendor/blamejs/test/40-consumers.js +2453 -0
  806. package/lib/vendor/blamejs/test/50-integration.js +486 -0
  807. package/lib/vendor/blamejs/test/_helpers.js +10 -0
  808. package/lib/vendor/blamejs/test/_smoke-worker.js +69 -0
  809. package/lib/vendor/blamejs/test/fixtures/exploit-corpus/corpus.json +368 -0
  810. package/lib/vendor/blamejs/test/fixtures/http-client-stream-payload.txt +2 -0
  811. package/lib/vendor/blamejs/test/fixtures/worker-pool/echo.js +52 -0
  812. package/lib/vendor/blamejs/test/helpers/_codebase-shingle-worker.js +24 -0
  813. package/lib/vendor/blamejs/test/helpers/_codebase-shingle.js +203 -0
  814. package/lib/vendor/blamejs/test/helpers/_shape-match.js +513 -0
  815. package/lib/vendor/blamejs/test/helpers/check.js +36 -0
  816. package/lib/vendor/blamejs/test/helpers/cluster.js +70 -0
  817. package/lib/vendor/blamejs/test/helpers/db.js +143 -0
  818. package/lib/vendor/blamejs/test/helpers/drivers.js +207 -0
  819. package/lib/vendor/blamejs/test/helpers/fs-watch.js +101 -0
  820. package/lib/vendor/blamejs/test/helpers/http.js +14 -0
  821. package/lib/vendor/blamejs/test/helpers/index.js +93 -0
  822. package/lib/vendor/blamejs/test/helpers/json-round-trip.js +120 -0
  823. package/lib/vendor/blamejs/test/helpers/mocks.js +20 -0
  824. package/lib/vendor/blamejs/test/helpers/otel.js +13 -0
  825. package/lib/vendor/blamejs/test/helpers/services.js +380 -0
  826. package/lib/vendor/blamejs/test/helpers/wait.js +206 -0
  827. package/lib/vendor/blamejs/test/integration/cache.test.js +235 -0
  828. package/lib/vendor/blamejs/test/integration/cluster-provider-mysql.test.js +174 -0
  829. package/lib/vendor/blamejs/test/integration/federation-auth.test.js +611 -0
  830. package/lib/vendor/blamejs/test/integration/http-client.test.js +129 -0
  831. package/lib/vendor/blamejs/test/integration/log-stream.test.js +219 -0
  832. package/lib/vendor/blamejs/test/integration/mail-crypto-smime.test.js +181 -0
  833. package/lib/vendor/blamejs/test/integration/mail-dkim.test.js +152 -0
  834. package/lib/vendor/blamejs/test/integration/mail-smtp.test.js +161 -0
  835. package/lib/vendor/blamejs/test/integration/mtls-ca.test.js +289 -0
  836. package/lib/vendor/blamejs/test/integration/network-dns.test.js +123 -0
  837. package/lib/vendor/blamejs/test/integration/network-heartbeat.test.js +101 -0
  838. package/lib/vendor/blamejs/test/integration/ntp-check.test.js +89 -0
  839. package/lib/vendor/blamejs/test/integration/object-store-sigv4.test.js +403 -0
  840. package/lib/vendor/blamejs/test/integration/pqc-pkcs8-forward-compat.test.js +271 -0
  841. package/lib/vendor/blamejs/test/integration/pubsub.test.js +137 -0
  842. package/lib/vendor/blamejs/test/integration/queue-redis.test.js +352 -0
  843. package/lib/vendor/blamejs/test/integration/redis-client-tls.test.js +96 -0
  844. package/lib/vendor/blamejs/test/integration/ssrf-guard.test.js +98 -0
  845. package/lib/vendor/blamejs/test/integration/websocket-permessage-deflate.test.js +261 -0
  846. package/lib/vendor/blamejs/test/integration/ws-client-roundtrip.test.js +230 -0
  847. package/lib/vendor/blamejs/test/layer-0-primitives/a2a-tasks.test.js +211 -0
  848. package/lib/vendor/blamejs/test/layer-0-primitives/a2a.test.js +59 -0
  849. package/lib/vendor/blamejs/test/layer-0-primitives/access-lock.test.js +136 -0
  850. package/lib/vendor/blamejs/test/layer-0-primitives/acme.test.js +219 -0
  851. package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +69 -0
  852. package/lib/vendor/blamejs/test/layer-0-primitives/agent-event-bus.test.js +266 -0
  853. package/lib/vendor/blamejs/test/layer-0-primitives/agent-idempotency.test.js +262 -0
  854. package/lib/vendor/blamejs/test/layer-0-primitives/agent-orchestrator.test.js +390 -0
  855. package/lib/vendor/blamejs/test/layer-0-primitives/agent-posture-chain.test.js +174 -0
  856. package/lib/vendor/blamejs/test/layer-0-primitives/agent-saga.test.js +279 -0
  857. package/lib/vendor/blamejs/test/layer-0-primitives/agent-snapshot.test.js +322 -0
  858. package/lib/vendor/blamejs/test/layer-0-primitives/agent-stream.test.js +227 -0
  859. package/lib/vendor/blamejs/test/layer-0-primitives/agent-tenant.test.js +302 -0
  860. package/lib/vendor/blamejs/test/layer-0-primitives/agent-trace.test.js +150 -0
  861. package/lib/vendor/blamejs/test/layer-0-primitives/ai-adverse-decision.test.js +44 -0
  862. package/lib/vendor/blamejs/test/layer-0-primitives/ai-content-detect.test.js +150 -0
  863. package/lib/vendor/blamejs/test/layer-0-primitives/ai-input.test.js +50 -0
  864. package/lib/vendor/blamejs/test/layer-0-primitives/ai-model-manifest.test.js +96 -0
  865. package/lib/vendor/blamejs/test/layer-0-primitives/ai-pref.test.js +76 -0
  866. package/lib/vendor/blamejs/test/layer-0-primitives/api-encrypt.test.js +1080 -0
  867. package/lib/vendor/blamejs/test/layer-0-primitives/app-shutdown.test.js +311 -0
  868. package/lib/vendor/blamejs/test/layer-0-primitives/archive-zip-stream.test.js +291 -0
  869. package/lib/vendor/blamejs/test/layer-0-primitives/archive.test.js +140 -0
  870. package/lib/vendor/blamejs/test/layer-0-primitives/arg-parser.test.js +267 -0
  871. package/lib/vendor/blamejs/test/layer-0-primitives/asn1-der.test.js +108 -0
  872. package/lib/vendor/blamejs/test/layer-0-primitives/asyncapi.test.js +929 -0
  873. package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-conflict-path.test.js +80 -0
  874. package/lib/vendor/blamejs/test/layer-0-primitives/audit-cve-defensive.test.js +176 -0
  875. package/lib/vendor/blamejs/test/layer-0-primitives/audit-daily-review.test.js +132 -0
  876. package/lib/vendor/blamejs/test/layer-0-primitives/audit-export-cadf.test.js +97 -0
  877. package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +141 -0
  878. package/lib/vendor/blamejs/test/layer-0-primitives/audit-segregation.test.js +115 -0
  879. package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-ml-dsa-65.test.js +163 -0
  880. package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +246 -0
  881. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge-verifier.test.js +485 -0
  882. package/lib/vendor/blamejs/test/layer-0-primitives/auth-bot-challenge.test.js +331 -0
  883. package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +352 -0
  884. package/lib/vendor/blamejs/test/layer-0-primitives/auth-lockout.test.js +572 -0
  885. package/lib/vendor/blamejs/test/layer-0-primitives/auth-password-audit.test.js +61 -0
  886. package/lib/vendor/blamejs/test/layer-0-primitives/azure-blob-bucket-ops.test.js +258 -0
  887. package/lib/vendor/blamejs/test/layer-0-primitives/backup-manifest-signature.test.js +105 -0
  888. package/lib/vendor/blamejs/test/layer-0-primitives/backup-worker.test.js +34 -0
  889. package/lib/vendor/blamejs/test/layer-0-primitives/bearer-auth.test.js +107 -0
  890. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-chunked-malformed.test.js +131 -0
  891. package/lib/vendor/blamejs/test/layer-0-primitives/body-parser-smuggling.test.js +118 -0
  892. package/lib/vendor/blamejs/test/layer-0-primitives/boot-gates.test.js +85 -0
  893. package/lib/vendor/blamejs/test/layer-0-primitives/breach-deadline.test.js +38 -0
  894. package/lib/vendor/blamejs/test/layer-0-primitives/break-glass.test.js +861 -0
  895. package/lib/vendor/blamejs/test/layer-0-primitives/budr.test.js +55 -0
  896. package/lib/vendor/blamejs/test/layer-0-primitives/bundler-engine.test.js +209 -0
  897. package/lib/vendor/blamejs/test/layer-0-primitives/cache-status.test.js +129 -0
  898. package/lib/vendor/blamejs/test/layer-0-primitives/cache.test.js +871 -0
  899. package/lib/vendor/blamejs/test/layer-0-primitives/calendar.test.js +891 -0
  900. package/lib/vendor/blamejs/test/layer-0-primitives/canonical-json-jcs.test.js +43 -0
  901. package/lib/vendor/blamejs/test/layer-0-primitives/cdn-cache-control.test.js +243 -0
  902. package/lib/vendor/blamejs/test/layer-0-primitives/cert.test.js +550 -0
  903. package/lib/vendor/blamejs/test/layer-0-primitives/clear-site-data.test.js +107 -0
  904. package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +147 -0
  905. package/lib/vendor/blamejs/test/layer-0-primitives/cli-audit-verify-chain.test.js +104 -0
  906. package/lib/vendor/blamejs/test/layer-0-primitives/cli-backup.test.js +135 -0
  907. package/lib/vendor/blamejs/test/layer-0-primitives/cli-config-drift.test.js +67 -0
  908. package/lib/vendor/blamejs/test/layer-0-primitives/cli-erase.test.js +75 -0
  909. package/lib/vendor/blamejs/test/layer-0-primitives/cli-file-type.test.js +98 -0
  910. package/lib/vendor/blamejs/test/layer-0-primitives/cli-helpers.test.js +145 -0
  911. package/lib/vendor/blamejs/test/layer-0-primitives/cli-mtls.test.js +133 -0
  912. package/lib/vendor/blamejs/test/layer-0-primitives/cli-password.test.js +97 -0
  913. package/lib/vendor/blamejs/test/layer-0-primitives/cli-restore.test.js +160 -0
  914. package/lib/vendor/blamejs/test/layer-0-primitives/cli-retention.test.js +84 -0
  915. package/lib/vendor/blamejs/test/layer-0-primitives/cli-security.test.js +69 -0
  916. package/lib/vendor/blamejs/test/layer-0-primitives/cli-vault.test.js +142 -0
  917. package/lib/vendor/blamejs/test/layer-0-primitives/client-hints.test.js +133 -0
  918. package/lib/vendor/blamejs/test/layer-0-primitives/cms-codec.test.js +237 -0
  919. package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +9600 -0
  920. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +575 -0
  921. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-cascade.test.js +89 -0
  922. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-eaa.test.js +36 -0
  923. package/lib/vendor/blamejs/test/layer-0-primitives/compliance-sanctions.test.js +712 -0
  924. package/lib/vendor/blamejs/test/layer-0-primitives/compliance.test.js +278 -0
  925. package/lib/vendor/blamejs/test/layer-0-primitives/config-drift.test.js +97 -0
  926. package/lib/vendor/blamejs/test/layer-0-primitives/config.test.js +424 -0
  927. package/lib/vendor/blamejs/test/layer-0-primitives/content-credentials.test.js +94 -0
  928. package/lib/vendor/blamejs/test/layer-0-primitives/cors.test.js +357 -0
  929. package/lib/vendor/blamejs/test/layer-0-primitives/cra-report.test.js +31 -0
  930. package/lib/vendor/blamejs/test/layer-0-primitives/credential-hash.test.js +226 -0
  931. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +86 -0
  932. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-envelope.test.js +85 -0
  933. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-files-parallel.test.js +193 -0
  934. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +98 -0
  935. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke-pq.test.js +132 -0
  936. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hpke.test.js +155 -0
  937. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-mlkem768-x25519.test.js +129 -0
  938. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-namespace-hash.test.js +0 -0
  939. package/lib/vendor/blamejs/test/layer-0-primitives/crypto-random-int.test.js +72 -0
  940. package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +96 -0
  941. package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +401 -0
  942. package/lib/vendor/blamejs/test/layer-0-primitives/csp-report.test.js +34 -0
  943. package/lib/vendor/blamejs/test/layer-0-primitives/csv.test.js +180 -0
  944. package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +210 -0
  945. package/lib/vendor/blamejs/test/layer-0-primitives/daily-byte-quota.test.js +153 -0
  946. package/lib/vendor/blamejs/test/layer-0-primitives/dark-patterns.test.js +66 -0
  947. package/lib/vendor/blamejs/test/layer-0-primitives/data-act.test.js +74 -0
  948. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection-extensions.test.js +226 -0
  949. package/lib/vendor/blamejs/test/layer-0-primitives/db-collection.test.js +136 -0
  950. package/lib/vendor/blamejs/test/layer-0-primitives/db-init-extensions.test.js +165 -0
  951. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-cross-schema.test.js +150 -0
  952. package/lib/vendor/blamejs/test/layer-0-primitives/db-query-extensions.test.js +191 -0
  953. package/lib/vendor/blamejs/test/layer-0-primitives/db-role-for.test.js +228 -0
  954. package/lib/vendor/blamejs/test/layer-0-primitives/db-vacuum.test.js +55 -0
  955. package/lib/vendor/blamejs/test/layer-0-primitives/db-worm.test.js +89 -0
  956. package/lib/vendor/blamejs/test/layer-0-primitives/ddl-change-control.test.js +184 -0
  957. package/lib/vendor/blamejs/test/layer-0-primitives/declare-row-policy.test.js +203 -0
  958. package/lib/vendor/blamejs/test/layer-0-primitives/declare-view.test.js +303 -0
  959. package/lib/vendor/blamejs/test/layer-0-primitives/dns-dnssec-algorithm.test.js +163 -0
  960. package/lib/vendor/blamejs/test/layer-0-primitives/dns-null-mx.test.js +39 -0
  961. package/lib/vendor/blamejs/test/layer-0-primitives/dora.test.js +165 -0
  962. package/lib/vendor/blamejs/test/layer-0-primitives/dr-runbook.test.js +59 -0
  963. package/lib/vendor/blamejs/test/layer-0-primitives/dsr-state-rules.test.js +55 -0
  964. package/lib/vendor/blamejs/test/layer-0-primitives/dsr.test.js +786 -0
  965. package/lib/vendor/blamejs/test/layer-0-primitives/dual-control.test.js +105 -0
  966. package/lib/vendor/blamejs/test/layer-0-primitives/early-hints.test.js +147 -0
  967. package/lib/vendor/blamejs/test/layer-0-primitives/events.test.js +105 -0
  968. package/lib/vendor/blamejs/test/layer-0-primitives/exploit-replay.test.js +243 -0
  969. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-hardening.test.js +181 -0
  970. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-migrate.test.js +190 -0
  971. package/lib/vendor/blamejs/test/layer-0-primitives/external-db-routing.test.js +531 -0
  972. package/lib/vendor/blamejs/test/layer-0-primitives/fal.test.js +118 -0
  973. package/lib/vendor/blamejs/test/layer-0-primitives/fapi2.test.js +89 -0
  974. package/lib/vendor/blamejs/test/layer-0-primitives/fda-21cfr11.test.js +156 -0
  975. package/lib/vendor/blamejs/test/layer-0-primitives/fdx.test.js +79 -0
  976. package/lib/vendor/blamejs/test/layer-0-primitives/fedcm-dbsc.test.js +216 -0
  977. package/lib/vendor/blamejs/test/layer-0-primitives/federation-vc-suite.test.js +434 -0
  978. package/lib/vendor/blamejs/test/layer-0-primitives/fido-mds3.test.js +432 -0
  979. package/lib/vendor/blamejs/test/layer-0-primitives/file-type.test.js +81 -0
  980. package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +887 -0
  981. package/lib/vendor/blamejs/test/layer-0-primitives/forensic-snapshot.test.js +51 -0
  982. package/lib/vendor/blamejs/test/layer-0-primitives/fsm.test.js +375 -0
  983. package/lib/vendor/blamejs/test/layer-0-primitives/gcs-bucket-ops.test.js +321 -0
  984. package/lib/vendor/blamejs/test/layer-0-primitives/gdpr-ropa.test.js +41 -0
  985. package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +32 -0
  986. package/lib/vendor/blamejs/test/layer-0-primitives/guard-agent-registry.test.js +87 -0
  987. package/lib/vendor/blamejs/test/layer-0-primitives/guard-all.test.js +328 -0
  988. package/lib/vendor/blamejs/test/layer-0-primitives/guard-archive.test.js +339 -0
  989. package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +694 -0
  990. package/lib/vendor/blamejs/test/layer-0-primitives/guard-dsn.test.js +296 -0
  991. package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +234 -0
  992. package/lib/vendor/blamejs/test/layer-0-primitives/guard-envelope.test.js +192 -0
  993. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-payload.test.js +89 -0
  994. package/lib/vendor/blamejs/test/layer-0-primitives/guard-event-bus-topic.test.js +71 -0
  995. package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +386 -0
  996. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html-wcag.test.js +859 -0
  997. package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +357 -0
  998. package/lib/vendor/blamejs/test/layer-0-primitives/guard-idempotency-key.test.js +92 -0
  999. package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
  1000. package/lib/vendor/blamejs/test/layer-0-primitives/guard-jmap.test.js +174 -0
  1001. package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +317 -0
  1002. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-id.test.js +199 -0
  1003. package/lib/vendor/blamejs/test/layer-0-primitives/guard-list-unsubscribe.test.js +214 -0
  1004. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-compose.test.js +111 -0
  1005. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-move.test.js +110 -0
  1006. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-query.test.js +112 -0
  1007. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-reply.test.js +86 -0
  1008. package/lib/vendor/blamejs/test/layer-0-primitives/guard-mail-sieve.test.js +92 -0
  1009. package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +301 -0
  1010. package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +265 -0
  1011. package/lib/vendor/blamejs/test/layer-0-primitives/guard-message-id.test.js +0 -0
  1012. package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +161 -0
  1013. package/lib/vendor/blamejs/test/layer-0-primitives/guard-posture-chain.test.js +100 -0
  1014. package/lib/vendor/blamejs/test/layer-0-primitives/guard-saga-config.test.js +79 -0
  1015. package/lib/vendor/blamejs/test/layer-0-primitives/guard-smtp-command.test.js +269 -0
  1016. package/lib/vendor/blamejs/test/layer-0-primitives/guard-snapshot-envelope.test.js +89 -0
  1017. package/lib/vendor/blamejs/test/layer-0-primitives/guard-stream-args.test.js +78 -0
  1018. package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +288 -0
  1019. package/lib/vendor/blamejs/test/layer-0-primitives/guard-tenant-id.test.js +69 -0
  1020. package/lib/vendor/blamejs/test/layer-0-primitives/guard-trace-context.test.js +102 -0
  1021. package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +202 -0
  1022. package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +203 -0
  1023. package/lib/vendor/blamejs/test/layer-0-primitives/hal.test.js +51 -0
  1024. package/lib/vendor/blamejs/test/layer-0-primitives/honeytoken.test.js +50 -0
  1025. package/lib/vendor/blamejs/test/layer-0-primitives/html-balance.test.js +37 -0
  1026. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +692 -0
  1027. package/lib/vendor/blamejs/test/layer-0-primitives/http-client-stream.test.js +280 -0
  1028. package/lib/vendor/blamejs/test/layer-0-primitives/http-message-signature.test.js +225 -0
  1029. package/lib/vendor/blamejs/test/layer-0-primitives/i18n-messageformat.test.js +203 -0
  1030. package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +991 -0
  1031. package/lib/vendor/blamejs/test/layer-0-primitives/iab-mspa.test.js +63 -0
  1032. package/lib/vendor/blamejs/test/layer-0-primitives/iab-tcf.test.js +73 -0
  1033. package/lib/vendor/blamejs/test/layer-0-primitives/idempotency-key.test.js +612 -0
  1034. package/lib/vendor/blamejs/test/layer-0-primitives/importmap-integrity.test.js +56 -0
  1035. package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +166 -0
  1036. package/lib/vendor/blamejs/test/layer-0-primitives/incident-report.test.js +29 -0
  1037. package/lib/vendor/blamejs/test/layer-0-primitives/jose-jwe-experimental.test.js +121 -0
  1038. package/lib/vendor/blamejs/test/layer-0-primitives/json-api.test.js +58 -0
  1039. package/lib/vendor/blamejs/test/layer-0-primitives/json-round-trip-helper.test.js +110 -0
  1040. package/lib/vendor/blamejs/test/layer-0-primitives/jwt-external.test.js +159 -0
  1041. package/lib/vendor/blamejs/test/layer-0-primitives/keychain.test.js +0 -0
  1042. package/lib/vendor/blamejs/test/layer-0-primitives/legal-hold.test.js +118 -0
  1043. package/lib/vendor/blamejs/test/layer-0-primitives/local-db-thin.test.js +150 -0
  1044. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-cloudwatch.test.js +489 -0
  1045. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp-grpc.test.js +207 -0
  1046. package/lib/vendor/blamejs/test/layer-0-primitives/log-stream-otlp.test.js +283 -0
  1047. package/lib/vendor/blamejs/test/layer-0-primitives/lro.test.js +65 -0
  1048. package/lib/vendor/blamejs/test/layer-0-primitives/mail-agent.test.js +417 -0
  1049. package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +208 -0
  1050. package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +910 -0
  1051. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bimi.test.js +502 -0
  1052. package/lib/vendor/blamejs/test/layer-0-primitives/mail-bounce.test.js +680 -0
  1053. package/lib/vendor/blamejs/test/layer-0-primitives/mail-canspam.test.js +128 -0
  1054. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp-experimental.test.js +149 -0
  1055. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +323 -0
  1056. package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +297 -0
  1057. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dav.test.js +514 -0
  1058. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy-tlsrpt.test.js +369 -0
  1059. package/lib/vendor/blamejs/test/layer-0-primitives/mail-deploy.test.js +199 -0
  1060. package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +627 -0
  1061. package/lib/vendor/blamejs/test/layer-0-primitives/mail-feedback-id.test.js +56 -0
  1062. package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +217 -0
  1063. package/lib/vendor/blamejs/test/layer-0-primitives/mail-helo.test.js +283 -0
  1064. package/lib/vendor/blamejs/test/layer-0-primitives/mail-journal.test.js +217 -0
  1065. package/lib/vendor/blamejs/test/layer-0-primitives/mail-mdn.test.js +334 -0
  1066. package/lib/vendor/blamejs/test/layer-0-primitives/mail-rbl.test.js +271 -0
  1067. package/lib/vendor/blamejs/test/layer-0-primitives/mail-require-tls.test.js +128 -0
  1068. package/lib/vendor/blamejs/test/layer-0-primitives/mail-scan.test.js +215 -0
  1069. package/lib/vendor/blamejs/test/layer-0-primitives/mail-send-deliver.test.js +336 -0
  1070. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-imap.test.js +732 -0
  1071. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-jmap.test.js +840 -0
  1072. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-managesieve.test.js +130 -0
  1073. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +285 -0
  1074. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-pop3.test.js +74 -0
  1075. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-rate-limit.test.js +112 -0
  1076. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-registry.test.js +229 -0
  1077. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-submission.test.js +394 -0
  1078. package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +147 -0
  1079. package/lib/vendor/blamejs/test/layer-0-primitives/mail-sieve.test.js +151 -0
  1080. package/lib/vendor/blamejs/test/layer-0-primitives/mail-spam-score.test.js +204 -0
  1081. package/lib/vendor/blamejs/test/layer-0-primitives/mail-srs.test.js +152 -0
  1082. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store-fts.test.js +279 -0
  1083. package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +323 -0
  1084. package/lib/vendor/blamejs/test/layer-0-primitives/mail-unsubscribe.test.js +165 -0
  1085. package/lib/vendor/blamejs/test/layer-0-primitives/mail.test.js +439 -0
  1086. package/lib/vendor/blamejs/test/layer-0-primitives/mcp-tool-registry.test.js +202 -0
  1087. package/lib/vendor/blamejs/test/layer-0-primitives/mcp.test.js +155 -0
  1088. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-shadow-registry.test.js +112 -0
  1089. package/lib/vendor/blamejs/test/layer-0-primitives/metrics-snapshot.test.js +224 -0
  1090. package/lib/vendor/blamejs/test/layer-0-primitives/middleware-compose-pipeline.test.js +278 -0
  1091. package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +376 -0
  1092. package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-paths.test.js +89 -0
  1093. package/lib/vendor/blamejs/test/layer-0-primitives/nel.test.js +200 -0
  1094. package/lib/vendor/blamejs/test/layer-0-primitives/network-allowlist.test.js +106 -0
  1095. package/lib/vendor/blamejs/test/layer-0-primitives/network-byte-quota.test.js +133 -0
  1096. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns-resolver.test.js +372 -0
  1097. package/lib/vendor/blamejs/test/layer-0-primitives/network-dns.test.js +635 -0
  1098. package/lib/vendor/blamejs/test/layer-0-primitives/network-heartbeat-passive.test.js +128 -0
  1099. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-build-options.test.js +130 -0
  1100. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls-ct-inclusion.test.js +179 -0
  1101. package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +447 -0
  1102. package/lib/vendor/blamejs/test/layer-0-primitives/network.test.js +369 -0
  1103. package/lib/vendor/blamejs/test/layer-0-primitives/nis2-report.test.js +21 -0
  1104. package/lib/vendor/blamejs/test/layer-0-primitives/nist-crosswalk.test.js +42 -0
  1105. package/lib/vendor/blamejs/test/layer-0-primitives/no-cache.test.js +98 -0
  1106. package/lib/vendor/blamejs/test/layer-0-primitives/notify.test.js +707 -0
  1107. package/lib/vendor/blamejs/test/layer-0-primitives/numeric-bounds.test.js +142 -0
  1108. package/lib/vendor/blamejs/test/layer-0-primitives/oauth-callback.test.js +72 -0
  1109. package/lib/vendor/blamejs/test/layer-0-primitives/observability-tracing.test.js +597 -0
  1110. package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +190 -0
  1111. package/lib/vendor/blamejs/test/layer-0-primitives/openapi.test.js +877 -0
  1112. package/lib/vendor/blamejs/test/layer-0-primitives/otel-export.test.js +257 -0
  1113. package/lib/vendor/blamejs/test/layer-0-primitives/pagination.test.js +522 -0
  1114. package/lib/vendor/blamejs/test/layer-0-primitives/parsers-standalone.test.js +216 -0
  1115. package/lib/vendor/blamejs/test/layer-0-primitives/passkey.test.js +324 -0
  1116. package/lib/vendor/blamejs/test/layer-0-primitives/permissions.test.js +546 -0
  1117. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-agent-curve.test.js +153 -0
  1118. package/lib/vendor/blamejs/test/layer-0-primitives/pqc-software.test.js +94 -0
  1119. package/lib/vendor/blamejs/test/layer-0-primitives/problem-details.test.js +195 -0
  1120. package/lib/vendor/blamejs/test/layer-0-primitives/process-spawn.test.js +62 -0
  1121. package/lib/vendor/blamejs/test/layer-0-primitives/promise-pool.test.js +93 -0
  1122. package/lib/vendor/blamejs/test/layer-0-primitives/protected-resource-metadata.test.js +68 -0
  1123. package/lib/vendor/blamejs/test/layer-0-primitives/protobuf-encoder.test.js +138 -0
  1124. package/lib/vendor/blamejs/test/layer-0-primitives/protocol-dispatcher.test.js +174 -0
  1125. package/lib/vendor/blamejs/test/layer-0-primitives/public-suffix.test.js +197 -0
  1126. package/lib/vendor/blamejs/test/layer-0-primitives/pubsub.test.js +232 -0
  1127. package/lib/vendor/blamejs/test/layer-0-primitives/queue-dlq-extend-lease.test.js +178 -0
  1128. package/lib/vendor/blamejs/test/layer-0-primitives/queue-flow-repeat.test.js +322 -0
  1129. package/lib/vendor/blamejs/test/layer-0-primitives/queue-priority-rate-progress.test.js +266 -0
  1130. package/lib/vendor/blamejs/test/layer-0-primitives/queue-sqs.test.js +300 -0
  1131. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-cluster.test.js +338 -0
  1132. package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +75 -0
  1133. package/lib/vendor/blamejs/test/layer-0-primitives/redact-dlp.test.js +246 -0
  1134. package/lib/vendor/blamejs/test/layer-0-primitives/redis-client.test.js +130 -0
  1135. package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +335 -0
  1136. package/lib/vendor/blamejs/test/layer-0-primitives/request-log.test.js +170 -0
  1137. package/lib/vendor/blamejs/test/layer-0-primitives/require-auth-cache-control.test.js +93 -0
  1138. package/lib/vendor/blamejs/test/layer-0-primitives/require-mtls.test.js +34 -0
  1139. package/lib/vendor/blamejs/test/layer-0-primitives/resource-access-lock.test.js +52 -0
  1140. package/lib/vendor/blamejs/test/layer-0-primitives/retention-floor.test.js +67 -0
  1141. package/lib/vendor/blamejs/test/layer-0-primitives/retry.test.js +535 -0
  1142. package/lib/vendor/blamejs/test/layer-0-primitives/router-cross-origin-redirect.test.js +0 -0
  1143. package/lib/vendor/blamejs/test/layer-0-primitives/router-tls0rtt.test.js +128 -0
  1144. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +163 -0
  1145. package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-parallel.test.js +170 -0
  1146. package/lib/vendor/blamejs/test/layer-0-primitives/safe-decompress.test.js +248 -0
  1147. package/lib/vendor/blamejs/test/layer-0-primitives/safe-dns.test.js +451 -0
  1148. package/lib/vendor/blamejs/test/layer-0-primitives/safe-ical.test.js +289 -0
  1149. package/lib/vendor/blamejs/test/layer-0-primitives/safe-icap.test.js +206 -0
  1150. package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +104 -0
  1151. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mime.test.js +339 -0
  1152. package/lib/vendor/blamejs/test/layer-0-primitives/safe-mount-info.test.js +180 -0
  1153. package/lib/vendor/blamejs/test/layer-0-primitives/safe-path.test.js +78 -0
  1154. package/lib/vendor/blamejs/test/layer-0-primitives/safe-sieve.test.js +123 -0
  1155. package/lib/vendor/blamejs/test/layer-0-primitives/safe-smtp.test.js +95 -0
  1156. package/lib/vendor/blamejs/test/layer-0-primitives/safe-url-idn-homograph.test.js +77 -0
  1157. package/lib/vendor/blamejs/test/layer-0-primitives/safe-vcard.test.js +257 -0
  1158. package/lib/vendor/blamejs/test/layer-0-primitives/saml-slo.test.js +249 -0
  1159. package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +228 -0
  1160. package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-exactly-once.test.js +238 -0
  1161. package/lib/vendor/blamejs/test/layer-0-primitives/scim-server.test.js +92 -0
  1162. package/lib/vendor/blamejs/test/layer-0-primitives/sd-jwt-vc.test.js +700 -0
  1163. package/lib/vendor/blamejs/test/layer-0-primitives/sd-notify.test.js +67 -0
  1164. package/lib/vendor/blamejs/test/layer-0-primitives/sec-cyber.test.js +85 -0
  1165. package/lib/vendor/blamejs/test/layer-0-primitives/security-assert.test.js +107 -0
  1166. package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +175 -0
  1167. package/lib/vendor/blamejs/test/layer-0-primitives/seeders.test.js +816 -0
  1168. package/lib/vendor/blamejs/test/layer-0-primitives/self-update-standalone-verifier.test.js +168 -0
  1169. package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +302 -0
  1170. package/lib/vendor/blamejs/test/layer-0-primitives/server-timing.test.js +93 -0
  1171. package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +247 -0
  1172. package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +295 -0
  1173. package/lib/vendor/blamejs/test/layer-0-primitives/shape-match.test.js +142 -0
  1174. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-bucket-ops.test.js +952 -0
  1175. package/lib/vendor/blamejs/test/layer-0-primitives/sigv4-multipart-sse.test.js +441 -0
  1176. package/lib/vendor/blamejs/test/layer-0-primitives/slug.test.js +330 -0
  1177. package/lib/vendor/blamejs/test/layer-0-primitives/smtp-policy.test.js +233 -0
  1178. package/lib/vendor/blamejs/test/layer-0-primitives/source-comment-blocks.test.js +105 -0
  1179. package/lib/vendor/blamejs/test/layer-0-primitives/speculation-rules.test.js +319 -0
  1180. package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +148 -0
  1181. package/lib/vendor/blamejs/test/layer-0-primitives/ssrf-guard.test.js +283 -0
  1182. package/lib/vendor/blamejs/test/layer-0-primitives/standard-webhooks.test.js +67 -0
  1183. package/lib/vendor/blamejs/test/layer-0-primitives/static.test.js +266 -0
  1184. package/lib/vendor/blamejs/test/layer-0-primitives/step-up.test.js +487 -0
  1185. package/lib/vendor/blamejs/test/layer-0-primitives/storage-chunk-scratch.test.js +0 -0
  1186. package/lib/vendor/blamejs/test/layer-0-primitives/storage-presigned-url.test.js +773 -0
  1187. package/lib/vendor/blamejs/test/layer-0-primitives/stream-throttle.test.js +173 -0
  1188. package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +180 -0
  1189. package/lib/vendor/blamejs/test/layer-0-primitives/tcpa-10dlc.test.js +66 -0
  1190. package/lib/vendor/blamejs/test/layer-0-primitives/tenant-quota.test.js +89 -0
  1191. package/lib/vendor/blamejs/test/layer-0-primitives/test-coverage.test.js +571 -0
  1192. package/lib/vendor/blamejs/test/layer-0-primitives/test-harness.test.js +190 -0
  1193. package/lib/vendor/blamejs/test/layer-0-primitives/testing-request.test.js +119 -0
  1194. package/lib/vendor/blamejs/test/layer-0-primitives/testing.test.js +522 -0
  1195. package/lib/vendor/blamejs/test/layer-0-primitives/time.test.js +151 -0
  1196. package/lib/vendor/blamejs/test/layer-0-primitives/tls-exporter.test.js +168 -0
  1197. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-ct.test.js +275 -0
  1198. package/lib/vendor/blamejs/test/layer-0-primitives/tls-ocsp-verify.test.js +105 -0
  1199. package/lib/vendor/blamejs/test/layer-0-primitives/tls-pinset-drift.test.js +35 -0
  1200. package/lib/vendor/blamejs/test/layer-0-primitives/tls-preferred-groups.test.js +81 -0
  1201. package/lib/vendor/blamejs/test/layer-0-primitives/tracing.test.js +280 -0
  1202. package/lib/vendor/blamejs/test/layer-0-primitives/uuid.test.js +93 -0
  1203. package/lib/vendor/blamejs/test/layer-0-primitives/vault-aad.test.js +277 -0
  1204. package/lib/vendor/blamejs/test/layer-0-primitives/vault-seal-pem-file.test.js +252 -0
  1205. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-data.test.js +149 -0
  1206. package/lib/vendor/blamejs/test/layer-0-primitives/vendor-manifest.test.js +92 -0
  1207. package/lib/vendor/blamejs/test/layer-0-primitives/vex.test.js +661 -0
  1208. package/lib/vendor/blamejs/test/layer-0-primitives/watcher.test.js +308 -0
  1209. package/lib/vendor/blamejs/test/layer-0-primitives/web-push-vapid.test.js +144 -0
  1210. package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +674 -0
  1211. package/lib/vendor/blamejs/test/layer-0-primitives/websocket-channels.test.js +360 -0
  1212. package/lib/vendor/blamejs/test/layer-0-primitives/worker-pool.test.js +302 -0
  1213. package/lib/vendor/blamejs/test/layer-0-primitives/ws-client.test.js +349 -0
  1214. package/lib/vendor/blamejs/test/layer-1-state/api-key.test.js +717 -0
  1215. package/lib/vendor/blamejs/test/layer-5-integration/bundler-output.test.js +444 -0
  1216. package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +597 -0
  1217. package/lib/vendor/blamejs/test/layer-5-integration/security-chaos.test.js +308 -0
  1218. package/lib/vendor/blamejs/test/smoke.js +431 -0
  1219. package/lib/webhooks.js +305 -0
  1220. package/package.json +43 -0
package/lib/vendor/blamejs/lib/guard-csv.js ADDED
@@ -0,0 +1,1176 @@
1
+ "use strict";
2
+ /**
3
+ * @module b.guardCsv
4
+ * @nav Guards
5
+ * @title Guard Csv
6
+ *
7
+ * @intro
8
+ * CSV content-safety guard — defends against the broader threat
9
+ * catalog operators face when emitting or accepting CSVs sourced from
10
+ * user input. `b.csv.parse` / `b.csv.stringify` handle RFC 4180
11
+ * shape; this module layers the security catalog on top.
12
+ *
13
+ * CSV-injection / formula-trigger defense: spreadsheet evaluators
14
+ * (Excel / LibreOffice / Google Sheets) treat any cell beginning with
15
+ * `=`, `+`, `-`, `@`, TAB, CR, LF, or `|` as a formula — including
16
+ * exfiltration vectors like `=WEBSERVICE(...)`, `=HYPERLINK(...)`,
17
+ * `=IMPORTXML(...)`. Full-width variants (U+FF1D `=`, U+FF0B `+`,
18
+ * U+FF0D `-`, U+FF20 `@`) are caught alongside the ASCII triggers
19
+ * per the OWASP locale catalog. Five mitigation modes apply:
20
+ * `prefix-tab` (OWASP-recommended, prepends TAB so the evaluator
21
+ * treats the cell as text), `prefix-quote` (legacy `'` prefix),
22
+ * `wrap-with-quotes-and-prefix` (email-attachment posture),
23
+ * `reject` (throw), `allowlist` (only documented safe functions
24
+ * like SUM / AVERAGE pass through unprefixed).
25
+ *
26
+ * Unicode bidi/zero-width strip: CVE-2021-42574 Trojan Source bidi
27
+ * overrides (U+202A-202E, U+2066-2069) are rejected or stripped
28
+ * per profile; zero-width characters (ZWSP / ZWNJ / ZWJ / WJ / SHY)
29
+ * always strip. Leading bidi/zero-width prefixes are stripped before
30
+ * the formula scan so a cell beginning with U+200B`=SUM(...)` cannot
31
+ * slip past the start-anchor check.
32
+ *
33
+ * CSV-bomb caps: per-cell (`maxCellBytes`, default 64 KiB), total
34
+ * (`maxTotalBytes`, default 1 GiB), row count (`maxRows`, default
35
+ * ~1 M), column count (`maxColumns`, default 1024), and a sanitize
36
+ * amplification ratio (`sanitizeAmplificationCap`, default 1.5x)
37
+ * that refuses pathological re-quote expansions.
38
+ *
39
+ * Doubled-quote escape is delegated to `b.csv.stringify` — every
40
+ * cell value containing the delimiter, the quote char, CR, or LF
41
+ * is wrapped in quotes with embedded quotes doubled per RFC 4180.
42
+ *
43
+ * Profiles: `strict` / `balanced` / `permissive` /
44
+ * `email-attachment`. Compliance postures: `hipaa` / `pci-dss` /
45
+ * `gdpr` / `soc2`. Operators select via `{ profile: "strict" }` or
46
+ * `{ compliance: "hipaa" }`; postures overlay on top of the
47
+ * profile baseline.
48
+ *
49
+ * Threat-detection regex literals are composed programmatically
50
+ * from numeric codepoint ranges so the source file stays pure
51
+ * ASCII — never embeds the attack characters themselves.
52
+ *
53
+ * @card
54
+ * CSV content-safety guard — defends against the broader threat catalog operators face when emitting or accepting CSVs sourced from user input.
55
+ */
56
+
57
+ var codepointClass = require("./codepoint-class");
58
+ var csv = require("./csv");
59
+ var C = require("./constants");
60
+ var lazyRequire = require("./lazy-require");
61
+ var numericBounds = require("./numeric-bounds");
62
+ var gateContract = require("./gate-contract");
63
+ var validateOpts = require("./validate-opts");
64
+ var { GuardCsvError } = require("./framework-error");
65
+
66
+ var observability = lazyRequire(function () { return require("./observability"); });
67
+ void observability;
68
+
69
+ var _err = GuardCsvError.factory;
70
+
71
+ // Shared codepoint catalog (BIDI / C0_CTRL / ZERO_WIDTH ranges and
72
+ // pre-compiled regexes) lives in lib/codepoint-class.js.
73
+
74
+ // CSV-specific homoglyph catalog — visual-confusable letter ranges that
75
+ // homoglyph against ASCII:
76
+ // Cyrillic U+0400-U+04FF
77
+ // Greek U+0370-U+03FF
78
+ // Fullwidth U+FF21-U+FF5A
79
+ var HOMOGLYPH_RANGES = [[0x0400, 0x04FF], [0x0370, 0x03FF], [0xFF21, 0xFF5A]];
80
+
81
+ // Formula-prefix triggers — every char that signals "this cell is a
82
+ // formula" to a spreadsheet evaluator:
83
+ // ASCII = + - @ TAB CR LF |
84
+ // Full-width = U+FF1D + U+FF0B - U+FF0D @ U+FF20
85
+ var FORMULA_PREFIX_CPS = [0x3D, 0x2B, 0x2D, 0x40, 0x09, 0x0D, 0x0A, 0x7C,
86
+ 0xFF1D, 0xFF0B, 0xFF0D, 0xFF20];
87
+
88
+ // Spreadsheet functions on the dangerous-function denylist (per OWASP /
89
+ // bishopfox / Veracode catalogs). Surfaced as critical regardless of the
90
+ // broader formulaInjectionPolicy.
91
+ var DANGEROUS_FUNCTIONS = Object.freeze([
92
+ "WEBSERVICE", "HYPERLINK", "IMAGE", "DDE", "RTD", "CALL",
93
+ "IMPORTXML", "IMPORTRANGE", "IMPORTHTML", "IMPORTFEED", "IMPORTDATA",
94
+ "GOOGLEFINANCE", "GOOGLETRANSLATE",
95
+ ]);
96
+
97
+ // ---- Codepoint helpers (proxied to lib/codepoint-class) ----
98
+
99
+ var HEX_RADIX = 16; // allow:raw-byte-literal — base-16 radix, not byte size
100
+ var _hex4 = codepointClass.hex4;
101
+ var _charClass = codepointClass.charClass;
102
+ var _fromCp = codepointClass.fromCp;
103
+ function _stringFromCps(cps) {
104
+ return cps.map(_fromCp).join("");
105
+ }
106
+
107
+ // ---- Compiled detectors ----
108
+ // Shared regexes pulled from lib/codepoint-class; CSV-specific ones
109
+ // (homoglyph + leading-BOM) compiled here.
110
+
111
+ var BIDI_RE = codepointClass.BIDI_RE;
112
+ var BIDI_RE_G = codepointClass.BIDI_RE_G;
113
+ var C0_CTRL_RE = codepointClass.C0_CTRL_RE;
114
+ var C0_CTRL_RE_G = codepointClass.C0_CTRL_RE_G;
115
+ var ZERO_WIDTH_RE = codepointClass.ZERO_WIDTH_RE;
116
+ var ZW_RE_G = codepointClass.ZW_RE_G;
117
+ var NULL_RE_G = codepointClass.NULL_RE_G;
118
+ var HOMOGLYPH_RE = new RegExp("[" + _charClass(HOMOGLYPH_RANGES) + "]"); // allow:dynamic-regex — codepoints from HOMOGLYPH_RANGES literal table
119
+ var HOMOGLYPH_G = new RegExp("[" + _charClass(HOMOGLYPH_RANGES) + "]", "g"); // allow:dynamic-regex — codepoints from HOMOGLYPH_RANGES literal table
120
+ var BOM_RE_LEAD = new RegExp("^" + _hex4(0xFEFF)); // allow:dynamic-regex — single literal codepoint U+FEFF
121
+ var BOM_RE_G = new RegExp(_hex4(0xFEFF), "g"); // allow:dynamic-regex — single literal codepoint U+FEFF
122
+
123
+ // Formula-trigger character class assembled from FORMULA_PREFIX_CPS:
124
+ // [=+\-@\t\r\u3D...] — used inside the "<line-start or delimiter>"
125
+ // formula-prefix scan and the dangerous-function scan.
126
+ var FORMULA_TRIGGER_CLASS = (function () {
127
+ var parts = FORMULA_PREFIX_CPS.map(function (cp) {
128
+ if (cp === 0x2D) return "\\-"; // hyphen literal inside char class
129
+ if (cp === 0x5C) return "\\\\"; // backslash safety
130
+ return _hex4(cp);
131
+ });
132
+ return "[" + parts.join("") + "]";
133
+ })();
134
+
135
+ // allow:dynamic-regex — class composed from FORMULA_PREFIX_CPS literal table
136
+ var FORMULA_SCAN_RE = new RegExp(
137
+ "(^|[,;\\t|])\"?(" + FORMULA_TRIGGER_CLASS + ")"
138
+ );
139
+ // allow:dynamic-regex — class composed from FORMULA_PREFIX_CPS literal table
140
+ var DANGER_SCAN_RE = new RegExp(
141
+ "(^|[,;\\t|])\"?" + FORMULA_TRIGGER_CLASS + "([A-Z][A-Z0-9_.]*)\\b",
142
+ "g"
143
+ );
144
+ // allow:dynamic-regex — class composed from FORMULA_PREFIX_CPS literal table
145
+ var ALLOWLIST_FIRST_WORD_RE = new RegExp(
146
+ "^" + FORMULA_TRIGGER_CLASS + "([A-Z]+)\\b"
147
+ );
148
+
149
+ var NULL_BYTE = codepointClass.NULL_BYTE;
150
+ var BOM_CHAR = codepointClass.BOM_CHAR;
151
+
152
+ // FORMULA_PREFIXES — array of single-char strings; iteration cost is
153
+ // the same as a Set for n=12. _stringFromCps keeps the source ASCII.
154
+ var FORMULA_PREFIXES = Object.freeze(_stringFromCps(FORMULA_PREFIX_CPS).split(""));
155
+
156
+ // Default row count cap for serialize. 2^20 ~ 1M rows.
157
+ var DEFAULT_MAX_ROWS = 0x100000;
158
+
159
+ // Forensic-snippet sizes per compliance posture.
160
+ var FORENSIC_SNIPPET_HIPAA = C.BYTES.bytes(256);
161
+ var FORENSIC_SNIPPET_PCI_DSS = C.BYTES.bytes(256);
162
+ var FORENSIC_SNIPPET_GDPR = C.BYTES.bytes(128);
163
+ var FORENSIC_SNIPPET_SOC2 = C.BYTES.bytes(512);
164
+
165
+ // ---- Profile presets ----
166
+
167
+ var PROFILES = Object.freeze({
168
+ "strict": {
169
+ formulaInjectionPolicy: "prefix-tab", // OWASP-recommended Excel-resistant mitigation
170
+ bidiCharPolicy: "reject",
171
+ homoglyphPolicy: "audit",
172
+ controlCharPolicy: "reject",
173
+ nullByteHandling: "reject",
174
+ trailingWhitespacePolicy: "trim",
175
+ bomPrefix: false,
176
+ dialectPolicy: "strict",
177
+ nullSemantics: "empty-string",
178
+ numericPrecisionPolicy: "decimal-string-above-safe-int",
179
+ dateFormat: "iso8601",
180
+ },
181
+ "balanced": {
182
+ formulaInjectionPolicy: "prefix-tab",
183
+ bidiCharPolicy: "strip",
184
+ homoglyphPolicy: "audit",
185
+ controlCharPolicy: "strip",
186
+ nullByteHandling: "strip",
187
+ trailingWhitespacePolicy: "preserve",
188
+ bomPrefix: false,
189
+ dialectPolicy: "strict",
190
+ nullSemantics: "empty-string",
191
+ numericPrecisionPolicy: "decimal-string-above-safe-int",
192
+ dateFormat: "iso8601",
193
+ },
194
+ "permissive": {
195
+ formulaInjectionPolicy: "prefix-tab",
196
+ bidiCharPolicy: "audit",
197
+ homoglyphPolicy: "audit",
198
+ controlCharPolicy: "strip",
199
+ nullByteHandling: "strip",
200
+ trailingWhitespacePolicy: "preserve",
201
+ bomPrefix: false,
202
+ dialectPolicy: "permissive",
203
+ nullSemantics: "empty-string",
204
+ numericPrecisionPolicy: "scientific",
205
+ dateFormat: "iso8601",
206
+ },
207
+ "email-attachment": {
208
+ formulaInjectionPolicy: "wrap-with-quotes-and-prefix",
209
+ bidiCharPolicy: "strip",
210
+ homoglyphPolicy: "audit",
211
+ controlCharPolicy: "strip",
212
+ nullByteHandling: "strip",
213
+ trailingWhitespacePolicy: "trim",
214
+ bomPrefix: true,
215
+ dialectPolicy: "strict",
216
+ nullSemantics: "empty-string",
217
+ numericPrecisionPolicy: "decimal-string-above-safe-int",
218
+ dateFormat: "iso8601",
219
+ },
220
+ });
221
+
222
+ var DEFAULTS = Object.freeze({
223
+ delimiter: ",",
224
+ lineEnding: "\r\n",
225
+ encoding: "utf-8",
226
+ locale: "C",
227
+ formulaInjectionPolicy: "prefix-tab",
228
+ formulasAllowlist: Object.freeze(["SUM", "AVERAGE", "COUNT", "MIN", "MAX", "IF", "CONCATENATE"]),
229
+ dangerousFunctions: DANGEROUS_FUNCTIONS,
230
+ bomPrefix: false,
231
+ maxRows: DEFAULT_MAX_ROWS,
232
+ maxCellBytes: C.BYTES.kib(64),
233
+ maxTotalBytes: C.BYTES.gib(1),
234
+ maxColumns: 0x400,
235
+ sanitizeAmplificationCap: 1.5,
236
+ controlCharPolicy: "reject",
237
+ bidiCharPolicy: "reject",
238
+ homoglyphPolicy: "audit",
239
+ nullByteHandling: "reject",
240
+ trailingWhitespacePolicy: "trim",
241
+ dialectPolicy: "strict",
242
+ nullSemantics: "empty-string",
243
+ nullMarker: "\\N",
244
+ preserveLeadingZeros: false,
245
+ preserveBooleanStrings: false,
246
+ preserveDateStrings: false,
247
+ dateFormat: "iso8601",
248
+ numericPrecisionPolicy: "decimal-string-above-safe-int",
249
+ piiPolicy: "preserve",
250
+ forensicSnippetBytes: 0,
251
+ mode: "enforce",
252
+ maxRuntimeMs: C.TIME.seconds(30),
253
+ });
254
+
255
+ var COMPLIANCE_POSTURES = Object.freeze({
256
+ "hipaa": {
257
+ formulaInjectionPolicy: "prefix-tab",
258
+ bidiCharPolicy: "reject",
259
+ controlCharPolicy: "reject",
260
+ nullByteHandling: "reject",
261
+ piiPolicy: "redact",
262
+ forensicSnippetBytes: FORENSIC_SNIPPET_HIPAA,
263
+ },
264
+ "pci-dss": {
265
+ formulaInjectionPolicy: "prefix-tab",
266
+ bidiCharPolicy: "reject",
267
+ controlCharPolicy: "reject",
268
+ nullByteHandling: "reject",
269
+ piiPolicy: "redact",
270
+ forensicSnippetBytes: FORENSIC_SNIPPET_PCI_DSS,
271
+ },
272
+ "gdpr": {
273
+ formulaInjectionPolicy: "prefix-tab",
274
+ bidiCharPolicy: "strip",
275
+ controlCharPolicy: "strip",
276
+ piiPolicy: "redact",
277
+ forensicSnippetBytes: FORENSIC_SNIPPET_GDPR,
278
+ },
279
+ "soc2": {
280
+ formulaInjectionPolicy: "prefix-tab",
281
+ bidiCharPolicy: "reject",
282
+ controlCharPolicy: "reject",
283
+ nullByteHandling: "reject",
284
+ forensicSnippetBytes: FORENSIC_SNIPPET_SOC2,
285
+ },
286
+ });
287
+
288
+ // ---- Internal helpers ----
289
+
290
+ function _firstMatch(text, re) {
291
+ if (typeof text !== "string") return null;
292
+ var m = text.match(re);
293
+ if (!m) return null;
294
+ return { index: m.index, char: m[0] };
295
+ }
296
+
297
+ function _detectIssues(text, opts) {
298
+ var issues = [];
299
+ if (typeof text !== "string") return issues;
300
+
301
+ var bomIdx = text.indexOf(BOM_CHAR);
302
+ if (bomIdx > 0 || (bomIdx === 0 && !opts.bomPrefix)) {
303
+ issues.push({
304
+ kind: "bom-mid-stream", severity: "high", ruleId: "csv.bom",
305
+ location: bomIdx, snippet: "BOM at byte " + bomIdx,
306
+ });
307
+ }
308
+
309
+ if (opts.bidiCharPolicy !== "allow") {
310
+ var bidiMatch = _firstMatch(text, BIDI_RE);
311
+ if (bidiMatch) {
312
+ issues.push({
313
+ kind: "bidi-override", severity: "critical", ruleId: "csv.bidi",
314
+ location: bidiMatch.index,
315
+ snippet: "Unicode bidi override at byte " + bidiMatch.index +
316
+ " (CVE-2021-42574 Trojan Source)",
317
+ });
318
+ }
319
+ }
320
+
321
+ if (opts.controlCharPolicy !== "allow") {
322
+ var ctrlMatch = _firstMatch(text, C0_CTRL_RE);
323
+ if (ctrlMatch) {
324
+ issues.push({
325
+ kind: "control-char", severity: "high", ruleId: "csv.control",
326
+ location: ctrlMatch.index,
327
+ snippet: "C0 control char U+" + ctrlMatch.char.charCodeAt(0).toString(HEX_RADIX) +
328
+ " at byte " + ctrlMatch.index,
329
+ });
330
+ }
331
+ }
332
+
333
+ var nullIdx = text.indexOf(NULL_BYTE);
334
+ if (nullIdx >= 0 && opts.nullByteHandling !== "allow") {
335
+ issues.push({
336
+ kind: "null-byte", severity: "critical", ruleId: "csv.null-byte",
337
+ location: nullIdx, snippet: "null byte at " + nullIdx,
338
+ });
339
+ }
340
+
341
+ if (opts.homoglyphPolicy !== "allow" && /[A-Za-z]/.test(text)) {
342
+ var homoMatch = _firstMatch(text, HOMOGLYPH_RE);
343
+ if (homoMatch) {
344
+ issues.push({
345
+ kind: "homoglyph", severity: "warn", ruleId: "csv.homoglyph",
346
+ location: homoMatch.index,
347
+ snippet: "homoglyph U+" + homoMatch.char.charCodeAt(0).toString(HEX_RADIX) +
348
+ " mixed with ASCII at byte " + homoMatch.index,
349
+ });
350
+ }
351
+ }
352
+
353
+ var zwMatch = _firstMatch(text, ZERO_WIDTH_RE);
354
+ if (zwMatch) {
355
+ issues.push({
356
+ kind: "zero-width", severity: "warn", ruleId: "csv.zero-width",
357
+ location: zwMatch.index,
358
+ snippet: "zero-width char U+" + zwMatch.char.charCodeAt(0).toString(HEX_RADIX) +
359
+ " at byte " + zwMatch.index,
360
+ });
361
+ }
362
+
363
+ if (opts.formulaInjectionPolicy !== "audit-only" && opts.formulaInjectionPolicy !== "allow") {
364
+ // Strip ZWSP / RTLO / LRM / RLM / BOM at cell-start before the
365
+ // formula scan. Without this, a cell beginning with U+200B (zero-
366
+ // width space), U+202E (RTLO), U+200E/F (LTR/RTL marks), or U+FEFF
367
+ // (BOM) followed by `=` slips past the start-anchor check (the `^`
368
+ // sits before the codepoint, not after) and the formula reaches
369
+ // the spreadsheet evaluator. Browsers + Excel + Sheets all strip
370
+ // these silently — operator users see "=SUM(...)" rendered, the
371
+ // file shipped a hidden bidi prefix that bypassed the scanner.
372
+ // U+200B-200F (ZWSP / ZWNJ / ZWJ / LRM / RLM) +
373
+ // U+202A-202E (LRE / RLE / PDF / LRO / RLO) +
374
+ // U+2066-2069 (LRI / RLI / FSI / PDI) +
375
+ // U+FEFF (BOM) // allow:dynamic-regex — explicit codepoints, no operator input
376
+ var stripped = text.replace(new RegExp("^[\\u200B-\\u200F\\u202A-\\u202E\\u2066-\\u2069\\uFEFF]+"), "");
377
+ var formulaMatch = _firstMatch(stripped, FORMULA_SCAN_RE);
378
+ if (formulaMatch) {
379
+ issues.push({
380
+ kind: "formula-prefix-cell", severity: "critical",
381
+ ruleId: "csv.formula-injection",
382
+ location: formulaMatch.index,
383
+ snippet: "cell beginning with formula trigger " +
384
+ JSON.stringify(formulaMatch.char.slice(-1)) +
385
+ " at byte " + formulaMatch.index +
386
+ (stripped.length !== text.length ? " (after stripping leading bidi/zero-width prefix)" : ""),
387
+ });
388
+ }
389
+ }
390
+
391
+ if (Array.isArray(opts.dangerousFunctions) && opts.dangerousFunctions.length > 0) {
392
+ var dangerIter = text.matchAll(DANGER_SCAN_RE);
393
+ var dangerMatch;
394
+ for (dangerMatch of dangerIter) {
395
+ var fn = dangerMatch[2].toUpperCase();
396
+ if (opts.dangerousFunctions.indexOf(fn) !== -1) {
397
+ issues.push({
398
+ kind: "dangerous-function", severity: "critical",
399
+ ruleId: "csv.dangerous-function",
400
+ location: dangerMatch.index,
401
+ snippet: "spreadsheet function " + JSON.stringify(fn) +
402
+ " is on the dangerous-function denylist (exfiltration / RCE vector)",
403
+ });
404
+ }
405
+ }
406
+ }
407
+
408
+ if (opts.dialectPolicy === "strict") {
409
+ var hasCrlf = text.indexOf("\r\n") !== -1;
410
+ var hasLfOnly = /[^\r]\n/.test(text);
411
+ var hasCrOnly = /\r[^\n]/.test(text);
412
+ if ((hasCrlf && hasLfOnly) || (hasCrlf && hasCrOnly) || (hasLfOnly && hasCrOnly)) {
413
+ issues.push({
414
+ kind: "dialect-mixed-line-endings", severity: "high",
415
+ ruleId: "csv.dialect", snippet: "mixed line endings",
416
+ });
417
+ }
418
+ }
419
+
420
+ return issues;
421
+ }
422
+
423
+ function _stripIssues(text, opts) {
424
+ if (typeof text !== "string") return text;
425
+ var out = text;
426
+ if (opts.bomPrefix !== true) out = out.replace(BOM_RE_LEAD, "");
427
+ out = out.replace(BOM_RE_G, "");
428
+ if (opts.bidiCharPolicy === "strip") out = out.replace(BIDI_RE_G, "");
429
+ if (opts.controlCharPolicy === "strip") out = out.replace(C0_CTRL_RE_G, "");
430
+ if (opts.nullByteHandling === "strip") out = out.replace(NULL_RE_G, "");
431
+ if (opts.homoglyphPolicy === "strip") out = out.replace(HOMOGLYPH_G, "");
432
+ out = out.replace(ZW_RE_G, "");
433
+ if (opts.trailingWhitespacePolicy === "trim") {
434
+ out = out.split("\n").map(function (line) {
435
+ return line.replace(/[ \t]+$/g, "");
436
+ }).join("\n");
437
+ }
438
+ return out;
439
+ }
440
+
441
+ function _resolveOpts(opts) {
442
+ return gateContract.resolveProfileAndPosture(opts, {
443
+ profiles: PROFILES,
444
+ compliancePostures: COMPLIANCE_POSTURES,
445
+ defaults: DEFAULTS,
446
+ errorClass: GuardCsvError,
447
+ errCodePrefix: "csv",
448
+ });
449
+ }
450
+
451
+ // ---- Cell-level escape with full threat application ----
452
+
453
+ /**
454
+ * @primitive b.guardCsv.escapeCell
455
+ * @signature b.guardCsv.escapeCell(value, opts?)
456
+ * @since 0.7.5
457
+ * @status stable
458
+ * @related b.guardCsv.serialize, b.guardCsv.gate, b.csv.stringify
459
+ *
460
+ * Apply the full guard-csv threat catalog to a single cell value:
461
+ * formula-prefix mitigation, null-byte / C0-control / bidi handling,
462
+ * trailing-whitespace policy, numeric-precision policy, and BigInt
463
+ * disposition. Returns the safe string form. Throws `GuardCsvError`
464
+ * when a `reject` policy fires (formula-trigger under
465
+ * `formulaInjectionPolicy: "reject"`, control char under
466
+ * `controlCharPolicy: "reject"`, etc.) or when the cell exceeds
467
+ * `maxCellBytes`.
468
+ *
469
+ * Used internally by `b.guardCsv.serialize` per cell; exposed
470
+ * directly for operators that emit CSV through their own writer
471
+ * (streaming exports, third-party libraries) and only need the
472
+ * per-cell defense.
473
+ *
474
+ * @opts
475
+ * formulaInjectionPolicy: "prefix-tab"|"prefix-quote"|"wrap-with-quotes-and-prefix"|"reject"|"allowlist",
476
+ * formulasAllowlist: string[], // when policy === "allowlist"
477
+ * bidiCharPolicy: "reject"|"strip"|"audit"|"allow",
478
+ * controlCharPolicy: "reject"|"strip"|"allow",
479
+ * nullByteHandling: "reject"|"strip"|"allow",
480
+ * trailingWhitespacePolicy: "trim"|"preserve"|"reject",
481
+ * numericPrecisionPolicy: "decimal-string-above-safe-int"|"scientific"|"reject-bigint",
482
+ * maxCellBytes: number, // default 65536 (64 KiB)
483
+ *
484
+ * @example
485
+ * var safe = b.guardCsv.escapeCell("=cmd|x", { formulaInjectionPolicy: "prefix-tab" });
486
+ * safe; // → "\t=cmd|x"
487
+ *
488
+ * // Reject mode throws GuardCsvError instead of disarming.
489
+ * try {
490
+ * b.guardCsv.escapeCell("+1234567", { formulaInjectionPolicy: "reject" });
491
+ * } catch (e) {
492
+ * e.code; // → "csv.formula-injection"
493
+ * }
494
+ *
495
+ * // Numeric precision: above MAX_SAFE_INTEGER, write as decimal string.
496
+ * var huge = b.guardCsv.escapeCell(9007199254740993, {
497
+ * numericPrecisionPolicy: "decimal-string-above-safe-int",
498
+ * });
499
+ * huge; // → "9007199254740993"
500
+ */
501
+ function escapeCell(value, opts) {
502
+ opts = Object.assign({}, DEFAULTS, opts || {});
503
+ var str = value == null ? "" : String(value);
504
+
505
+ if (str.length > opts.maxCellBytes) {
506
+ throw _err("csv.cell-too-large", "cell exceeds maxCellBytes " + opts.maxCellBytes);
507
+ }
508
+
509
+ if (opts.nullByteHandling === "reject" && str.indexOf(NULL_BYTE) !== -1) {
510
+ throw _err("csv.null-byte", "cell contains null byte");
511
+ }
512
+ if (opts.controlCharPolicy === "reject" && C0_CTRL_RE.test(str)) { // allow:regex-no-length-cap — str length capped by maxCellBytes above
513
+ throw _err("csv.control", "cell contains C0 control character");
514
+ }
515
+ if (opts.bidiCharPolicy === "reject" && BIDI_RE.test(str)) { // allow:regex-no-length-cap — str length capped by maxCellBytes above
516
+ throw _err("csv.bidi", "cell contains Unicode bidi override (CVE-2021-42574)");
517
+ }
518
+
519
+ if (opts.nullByteHandling === "strip") str = str.replace(NULL_RE_G, "");
520
+ if (opts.controlCharPolicy === "strip") str = str.replace(C0_CTRL_RE_G, "");
521
+ if (opts.bidiCharPolicy === "strip") str = str.replace(BIDI_RE_G, "");
522
+
523
+ if (opts.trailingWhitespacePolicy === "trim") {
524
+ str = str.replace(/[ \t]+$/g, "");
525
+ } else if (opts.trailingWhitespacePolicy === "reject" && /[ \t]+$/.test(str)) {
526
+ throw _err("csv.trailing-whitespace", "cell has trailing whitespace");
527
+ }
528
+
529
+ if (typeof value === "number" &&
530
+ opts.numericPrecisionPolicy === "decimal-string-above-safe-int") {
531
+ if (Math.abs(value) > Number.MAX_SAFE_INTEGER) {
532
+ str = value.toLocaleString("en-US", {
533
+ useGrouping: false, maximumFractionDigits: 0,
534
+ });
535
+ }
536
+ }
537
+ if (typeof value === "bigint") {
538
+ if (opts.numericPrecisionPolicy === "reject-bigint") {
539
+ throw _err("csv.bigint", "BigInt values rejected per numericPrecisionPolicy");
540
+ }
541
+ str = value.toString();
542
+ }
543
+
544
+ if (str.length > 0 && FORMULA_PREFIXES.indexOf(str.charAt(0)) !== -1) {
545
+ var policy = opts.formulaInjectionPolicy;
546
+ if (policy === "reject") {
547
+ throw _err("csv.formula-injection",
548
+ "cell starts with formula prefix " + JSON.stringify(str.charAt(0)));
549
+ } else if (policy === "prefix-tab") {
550
+ str = "\t" + str;
551
+ } else if (policy === "prefix-quote") {
552
+ str = "'" + str;
553
+ } else if (policy === "wrap-with-quotes-and-prefix") {
554
+ str = "'" + str;
555
+ } else if (policy === "allowlist") {
556
+ var firstWord = str.match(ALLOWLIST_FIRST_WORD_RE);
557
+ if (firstWord && opts.formulasAllowlist.indexOf(firstWord[1]) === -1) {
558
+ str = "'" + str;
559
+ }
560
+ }
561
+ }
562
+
563
+ return str;
564
+ }
565
+
566
+ // ---- Schema-bound serializer ----
567
+
568
+ /**
569
+ * @primitive b.guardCsv.schema
570
+ * @signature b.guardCsv.schema(spec)
571
+ * @since 0.7.5
572
+ * @status stable
573
+ * @related b.guardCsv.serialize, b.guardCsv.validate
574
+ *
575
+ * Build a schema-bound serializer/validator pair. Each row's column
576
+ * values are checked against the column's `type` (`"string"` /
577
+ * `"number"` / `"boolean"`), optional `regex`, optional `min` / `max`
578
+ * (for numbers), and `nullable` flag before the row reaches
579
+ * `serialize`. Type / range / regex / null violations throw
580
+ * `GuardCsvError` with codes `csv.schema-type` / `csv.schema-range`
581
+ * / `csv.schema-regex` / `csv.schema-null` and the offending row
582
+ * index — operators get the failing-row coordinates without parsing
583
+ * the error string.
584
+ *
585
+ * Returns `{ serialize, validate, columns }`. The returned
586
+ * `serialize` accepts the same opts as `b.guardCsv.serialize` and
587
+ * applies the column ordering automatically.
588
+ *
589
+ * @example
590
+ * var bound = b.guardCsv.schema({
591
+ * columns: [
592
+ * { name: "email", type: "string", regex: /^[^@]+@[^@]+$/ },
593
+ * { name: "age", type: "number", min: 0, max: 150, nullable: true },
594
+ * ],
595
+ * });
596
+ *
597
+ * var out = bound.serialize([
598
+ * { email: "alice@example.com", age: 30 },
599
+ * { email: "bob@example.com", age: null },
600
+ * ], { profile: "strict" });
601
+ * out.indexOf("alice@example.com") !== -1; // → true
602
+ */
603
+ function schema(spec) {
604
+ validateOpts.requireObject(spec, "guardCsv.schema", GuardCsvError);
605
+ if (!Array.isArray(spec.columns)) {
606
+ throw _err("csv.bad-schema", "schema.columns must be an array");
607
+ }
608
+ var cols = spec.columns.slice();
609
+
610
+ return {
611
+ serialize: function (rows, opts) {
612
+ opts = opts || {};
613
+ var validated = [];
614
+ for (var ri = 0; ri < rows.length; ri += 1) {
615
+ var row = rows[ri];
616
+ var validatedRow = {};
617
+ for (var ci = 0; ci < cols.length; ci += 1) {
618
+ var col = cols[ci];
619
+ var v = row[col.name];
620
+ if (v == null) {
621
+ if (col.nullable === false) {
622
+ throw _err("csv.schema-null",
623
+ "column " + JSON.stringify(col.name) +
624
+ " is non-nullable; row " + ri + " has null");
625
+ }
626
+ validatedRow[col.name] = v;
627
+ continue;
628
+ }
629
+ if (col.type === "string" && typeof v !== "string") {
630
+ throw _err("csv.schema-type",
631
+ "column " + JSON.stringify(col.name) +
632
+ " expects string at row " + ri);
633
+ }
634
+ if (col.type === "number" && typeof v !== "number") {
635
+ throw _err("csv.schema-type",
636
+ "column " + JSON.stringify(col.name) +
637
+ " expects number at row " + ri);
638
+ }
639
+ if (col.type === "boolean" && typeof v !== "boolean") {
640
+ throw _err("csv.schema-type",
641
+ "column " + JSON.stringify(col.name) +
642
+ " expects boolean at row " + ri);
643
+ }
644
+ if (col.regex && !col.regex.test(String(v))) {
645
+ throw _err("csv.schema-regex",
646
+ "column " + JSON.stringify(col.name) +
647
+ " value " + JSON.stringify(v) +
648
+ " at row " + ri + " does not match regex " + col.regex);
649
+ }
650
+ if (col.type === "number" && typeof col.min === "number" && v < col.min) {
651
+ throw _err("csv.schema-range",
652
+ "column " + JSON.stringify(col.name) + " < min at row " + ri);
653
+ }
654
+ if (col.type === "number" && typeof col.max === "number" && v > col.max) {
655
+ throw _err("csv.schema-range",
656
+ "column " + JSON.stringify(col.name) + " > max at row " + ri);
657
+ }
658
+ validatedRow[col.name] = v;
659
+ }
660
+ validated.push(validatedRow);
661
+ }
662
+ return serialize(validated, Object.assign({
663
+ headers: cols.map(function (c) { return c.name; }),
664
+ }, opts));
665
+ },
666
+ validate: function (input, opts) {
667
+ return validate(input, Object.assign({ schema: spec }, opts || {}));
668
+ },
669
+ columns: cols,
670
+ };
671
+ }
672
+
673
+ // ---- Module-level entry points ----
674
+
675
+ /**
676
+ * @primitive b.guardCsv.serialize
677
+ * @signature b.guardCsv.serialize(rows, opts?)
678
+ * @since 0.7.5
679
+ * @status stable
680
+ * @compliance hipaa, pci-dss, gdpr, soc2
681
+ * @related b.guardCsv.escapeCell, b.guardCsv.gate, b.csv.stringify
682
+ *
683
+ * Emit RFC 4180 CSV from `rows` (array of objects or array of
684
+ * arrays) with the full guard-csv threat catalog applied per cell
685
+ * — formula-prefix mitigation, bidi/null/control handling,
686
+ * trailing-whitespace policy, numeric-precision policy. Doubled-
687
+ * quote escape is delegated to `b.csv.stringify`. Caps enforced:
688
+ * `maxRows`, `maxCellBytes`, `maxColumns`, `maxTotalBytes` (each
689
+ * a positive finite integer; passing `Infinity` throws).
690
+ *
691
+ * When `piiPolicy: "redact"` is set and an `opts.redact` instance
692
+ * is passed (typically `b.redact.create(...)`), every emitted
693
+ * string cell is run through `redact.string(...)` before
694
+ * stringification. The HIPAA / PCI-DSS / GDPR postures default
695
+ * `piiPolicy` to `"redact"`.
696
+ *
697
+ * @opts
698
+ * profile: "strict"|"balanced"|"permissive"|"email-attachment",
699
+ * compliance: "hipaa"|"pci-dss"|"gdpr"|"soc2",
700
+ * headers: string[]|false, // explicit column order; false suppresses header row
701
+ * delimiter: string, // default ","
702
+ * lineEnding: string, // default "\r\n"
703
+ * bomPrefix: boolean, // prepend U+FEFF (Excel-friendly)
704
+ * maxRows: number, // default 1048576
705
+ * maxCellBytes: number, // default 65536
706
+ * maxColumns: number, // default 1024
707
+ * maxTotalBytes: number, // default 1073741824 (1 GiB)
708
+ * piiPolicy: "preserve"|"redact",
709
+ * redact: b.redact instance, // required when piiPolicy === "redact"
710
+ *
711
+ * @example
712
+ * var out = b.guardCsv.serialize([
713
+ * { name: "alice", note: "=WEBSERVICE(\"http://x\")" },
714
+ * { name: "bob", note: "ok" },
715
+ * ], { profile: "strict" });
716
+ *
717
+ * // Formula trigger disarmed with a leading TAB per OWASP guidance:
718
+ * out.indexOf("\t=WEBSERVICE") !== -1; // → true
719
+ * out.indexOf("\r\n") !== -1; // → true
720
+ */
721
+ function serialize(rows, opts) {
722
+ opts = _resolveOpts(opts);
723
+ numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
724
+ ["maxRows", "maxCellBytes", "maxTotalBytes"],
725
+ "guardCsv.serialize", GuardCsvError, "csv.bad-opt");
726
+
727
+ if (!Array.isArray(rows)) {
728
+ throw _err("csv.bad-input",
729
+ "serialize: rows must be an array, got " + typeof rows);
730
+ }
731
+ if (rows.length > opts.maxRows) {
732
+ throw _err("csv.too-many-rows",
733
+ "row count " + rows.length + " exceeds maxRows " + opts.maxRows);
734
+ }
735
+
736
+ var redactor = (opts.piiPolicy === "redact" && opts.redact) ? opts.redact : null;
737
+
738
+ var escapedRows = [];
739
+ for (var ri = 0; ri < rows.length; ri += 1) {
740
+ var row = rows[ri];
741
+ var escapedRow;
742
+ if (Array.isArray(row)) {
743
+ escapedRow = row.map(function (v) {
744
+ var ev = escapeCell(v, opts);
745
+ if (Buffer.byteLength(ev, "utf8") > opts.maxCellBytes) {
746
+ throw _err("csv.cell-too-large",
747
+ "cell at row " + ri + " exceeds maxCellBytes " + opts.maxCellBytes);
748
+ }
749
+ if (redactor && typeof ev === "string") ev = redactor.string(ev);
750
+ return ev;
751
+ });
752
+ } else if (row !== null && typeof row === "object") {
753
+ escapedRow = {};
754
+ var keys = Object.keys(row);
755
+ if (keys.length > opts.maxColumns) {
756
+ throw _err("csv.too-many-columns",
757
+ "row " + ri + " has " + keys.length + " columns; max " + opts.maxColumns);
758
+ }
759
+ for (var ki = 0; ki < keys.length; ki += 1) {
760
+ var ev2 = escapeCell(row[keys[ki]], opts);
761
+ if (Buffer.byteLength(ev2, "utf8") > opts.maxCellBytes) {
762
+ throw _err("csv.cell-too-large",
763
+ "cell at row " + ri + " column " + JSON.stringify(keys[ki]) +
764
+ " exceeds maxCellBytes");
765
+ }
766
+ if (redactor && typeof ev2 === "string") ev2 = redactor.string(ev2);
767
+ escapedRow[keys[ki]] = ev2;
768
+ }
769
+ } else {
770
+ throw _err("csv.bad-input", "rows must be arrays or plain objects");
771
+ }
772
+ escapedRows.push(escapedRow);
773
+ }
774
+
775
+ var out = csv.stringify(escapedRows, {
776
+ delimiter: opts.delimiter,
777
+ quote: opts.quote || "\"",
778
+ eol: opts.lineEnding,
779
+ alwaysQuote: opts.alwaysQuote || false,
780
+ columns: opts.headers || null,
781
+ header: opts.headers !== false,
782
+ });
783
+
784
+ var totalBytes = Buffer.byteLength(out, "utf8");
785
+ if (opts.bomPrefix) {
786
+ out = BOM_CHAR + out;
787
+ totalBytes += 3;
788
+ }
789
+ if (totalBytes > opts.maxTotalBytes) {
790
+ throw _err("csv.total-too-large",
791
+ "output size " + totalBytes + " bytes exceeds maxTotalBytes " + opts.maxTotalBytes);
792
+ }
793
+ return out;
794
+ }
795
+
796
+ /**
797
+ * @primitive b.guardCsv.validate
798
+ * @signature b.guardCsv.validate(input, opts?)
799
+ * @since 0.7.5
800
+ * @status stable
801
+ * @compliance hipaa, pci-dss, gdpr, soc2
802
+ * @related b.guardCsv.sanitize, b.guardCsv.gate
803
+ *
804
+ * Inspect `input` (string or Buffer of CSV text) and return
805
+ * `{ ok, issues, summary }`. Each issue carries `{ kind, severity,
806
+ * ruleId, location, snippet }` with severity in
807
+ * `"warn"|"high"|"critical"`. Detected: BOM mid-stream, Unicode
808
+ * bidi override (CVE-2021-42574), C0 control char, null byte,
809
+ * homoglyph, zero-width char, formula-prefix cell (bidi/zero-width
810
+ * leading prefix is stripped before the scan), dangerous-function
811
+ * denylist hit, mixed line endings (when `dialectPolicy: "strict"`).
812
+ * Pure inspection — never mutates input or throws.
813
+ *
814
+ * @opts
815
+ * profile: "strict"|"balanced"|"permissive"|"email-attachment",
816
+ * compliance: "hipaa"|"pci-dss"|"gdpr"|"soc2",
817
+ * bidiCharPolicy: "reject"|"strip"|"audit"|"allow",
818
+ * controlCharPolicy: "reject"|"strip"|"allow",
819
+ * nullByteHandling: "reject"|"strip"|"allow",
820
+ * homoglyphPolicy: "audit"|"strip"|"allow",
821
+ * formulaInjectionPolicy: "prefix-tab"|"prefix-quote"|"wrap-with-quotes-and-prefix"|"reject"|"audit-only"|"allow",
822
+ * dangerousFunctions: string[],
823
+ * dialectPolicy: "strict"|"permissive",
824
+ *
825
+ * @example
826
+ * var rv = b.guardCsv.validate("name,formula\r\nalice,=WEBSERVICE(\"x\")\r\n", {
827
+ * profile: "strict",
828
+ * });
829
+ * rv.ok; // → false
830
+ * rv.issues.some(function (i) { return i.kind === "dangerous-function"; }); // → true
831
+ */
832
+ function validate(input, opts) {
833
+ opts = _resolveOpts(opts);
834
+ return gateContract.runIssueValidator(input, opts, _detectIssues);
835
+ }
836
+
837
+ /**
838
+ * @primitive b.guardCsv.sanitize
839
+ * @signature b.guardCsv.sanitize(input, opts?)
840
+ * @since 0.7.5
841
+ * @status stable
842
+ * @related b.guardCsv.validate, b.guardCsv.gate
843
+ *
844
+ * Best-effort cleanup of `input` (string or Buffer): strips leading
845
+ * BOM (when `bomPrefix: false`), bidi override chars (when
846
+ * `bidiCharPolicy: "strip"`), C0 control chars (when
847
+ * `controlCharPolicy: "strip"`), null bytes (when
848
+ * `nullByteHandling: "strip"`), zero-width chars (always), and
849
+ * trailing whitespace per `trailingWhitespacePolicy`. Refuses
850
+ * pathological expansion: when the sanitized output exceeds
851
+ * `sanitizeAmplificationCap` (default 1.5x) the function throws
852
+ * `GuardCsvError("csv.sanitize-amplified")` — sanitize is a
853
+ * shrinking operation by contract, never a growing one.
854
+ *
855
+ * Note: sanitize does NOT prepend formula-trigger mitigations to
856
+ * cells (that's `b.guardCsv.serialize` / `b.guardCsv.escapeCell`'s
857
+ * job, applied during emission). Use the `gate` action chain for
858
+ * accept-side defense — it sanitizes, re-parses, and re-serializes
859
+ * with the formula mitigation baked in.
860
+ *
861
+ * @opts
862
+ * profile: "strict"|"balanced"|"permissive"|"email-attachment",
863
+ * compliance: "hipaa"|"pci-dss"|"gdpr"|"soc2",
864
+ * bidiCharPolicy: "reject"|"strip"|"audit"|"allow",
865
+ * controlCharPolicy: "reject"|"strip"|"allow",
866
+ * nullByteHandling: "reject"|"strip"|"allow",
867
+ * homoglyphPolicy: "audit"|"strip"|"allow",
868
+ * trailingWhitespacePolicy: "trim"|"preserve"|"reject",
869
+ * sanitizeAmplificationCap: number, // default 1.5
870
+ *
871
+ * @example
872
+ * // Build hostile input programmatically so the source stays ASCII.
873
+ * var ZWSP = String.fromCharCode(0x200B);
874
+ * var clean = b.guardCsv.sanitize("name,note\r\nalice,hi" + ZWSP + "\r\n", {
875
+ * profile: "balanced",
876
+ * });
877
+ * clean.indexOf(ZWSP) === -1; // → true
878
+ */
879
+ function sanitize(input, opts) {
880
+ opts = _resolveOpts(opts);
881
+ var text = typeof input === "string"
882
+ ? input
883
+ : (Buffer.isBuffer(input) ? input.toString("utf8") : null);
884
+ if (text == null) {
885
+ throw _err("csv.bad-input", "sanitize requires string or Buffer input");
886
+ }
887
+ var sanitized = _stripIssues(text, opts);
888
+ var amplification = sanitized.length / Math.max(text.length, 1);
889
+ if (amplification > opts.sanitizeAmplificationCap) {
890
+ throw _err("csv.sanitize-amplified",
891
+ "sanitize grew output " + amplification.toFixed(2) +
892
+ "x; cap " + opts.sanitizeAmplificationCap);
893
+ }
894
+ return sanitized;
895
+ }
896
+
897
+ /**
898
+ * @primitive b.guardCsv.detect
899
+ * @signature b.guardCsv.detect(input)
900
+ * @since 0.7.5
901
+ * @status stable
902
+ * @related b.guardCsv.validate, b.csv.parse
903
+ *
904
+ * Sniff dialect heuristics from `input` (string or Buffer): most-
905
+ * frequent delimiter on the first line (`","`, `";"`, `"\t"`,
906
+ * `"|"`), dominant line-ending, header presence (first line starts
907
+ * with an ASCII letter), encoding hint (`"utf-8"` vs `"utf-8-sig"`
908
+ * when a leading BOM is present), and a single-pass `dialect`
909
+ * verdict (`"consistent"` vs `"mixed"` line endings). Returns a
910
+ * confidence score in `[0, 1]`. Pure inspection.
911
+ *
912
+ * @example
913
+ * var d = b.guardCsv.detect("name,age\r\nalice,30\r\nbob,40\r\n");
914
+ * d.delimiter; // → ","
915
+ * d.lineEnding; // → "\r\n"
916
+ * d.hasHeader; // → true
917
+ * d.encoding; // → "utf-8"
918
+ * d.dialect; // → "consistent"
919
+ */
920
+ function detect(input) {
921
+ var text = typeof input === "string"
922
+ ? input
923
+ : (Buffer.isBuffer(input) ? input.toString("utf8") : null);
924
+ if (text == null) {
925
+ return {
926
+ delimiter: null, hasHeader: false, encoding: null,
927
+ lineEnding: null, dialect: "unknown", confidence: 0,
928
+ };
929
+ }
930
+ var crlf = (text.match(/\r\n/g) || []).length;
931
+ var lfOnly = (text.match(/[^\r]\n/g) || []).length;
932
+ var crOnly = (text.match(/\r[^\n]/g) || []).length;
933
+ var lineEnding = crlf >= lfOnly && crlf >= crOnly
934
+ ? "\r\n"
935
+ : (lfOnly >= crOnly ? "\n" : "\r");
936
+ var firstLine = text.split(/\r\n|\r|\n/)[0] || "";
937
+ var counts = { ",": 0, ";": 0, "\t": 0, "|": 0 };
938
+ for (var i = 0; i < firstLine.length; i += 1) {
939
+ var c = firstLine.charAt(i);
940
+ if (counts[c] !== undefined) counts[c] += 1;
941
+ }
942
+ var delim = ","; var max = 0;
943
+ Object.keys(counts).forEach(function (k) {
944
+ if (counts[k] > max) { max = counts[k]; delim = k; }
945
+ });
946
+ return {
947
+ delimiter: delim,
948
+ hasHeader: /^[A-Za-z]/.test(firstLine),
949
+ encoding: text.charCodeAt(0) === 0xFEFF ? "utf-8-sig" : "utf-8",
950
+ lineEnding: lineEnding,
951
+ dialect: (crlf > 0 && (lfOnly > 0 || crOnly > 0)) ? "mixed" : "consistent",
952
+ confidence: max > 0 ? 0.9 : 0.5,
953
+ };
954
+ }
955
+
956
+ // ---- Gate factory (b.gateContract shape) ----
957
+
958
+ /**
959
+ * @primitive b.guardCsv.gate
960
+ * @signature b.guardCsv.gate(opts?)
961
+ * @since 0.7.5
962
+ * @status stable
963
+ * @compliance hipaa, pci-dss, gdpr, soc2
964
+ * @related b.guardCsv.validate, b.guardCsv.sanitize, b.staticServe.create, b.fileUpload.create
965
+ *
966
+ * Build a `b.gateContract` gate suitable for plugging into
967
+ * `b.staticServe({ contentSafety: { ".csv": gate } })`,
968
+ * `b.fileUpload({ contentSafety: { "text/csv": gate } })`,
969
+ * `b.mail`, or `b.objectStore`. Action chain on validation:
970
+ * `serve` (no issues) → `audit-only` (warn-only issues) →
971
+ * `sanitize` (critical/high but no `reject` policy active —
972
+ * sanitize, re-parse, re-serialize so formula mitigation lands)
973
+ * → `refuse` (critical/high under any `reject` policy, or when
974
+ * sanitize fails / amplifies past cap).
975
+ *
976
+ * Operator extensibility: pass `operatorRules: [{ id, severity,
977
+ * detect: fn(ctx)→boolean, reason }]` to inject custom detectors
978
+ * alongside the built-in catalog. Rules run best-effort — a
979
+ * throwing detector is silently skipped (the framework cannot
980
+ * crash a request because an operator rule mishandled bytes).
981
+ *
982
+ * @opts
983
+ * profile: "strict"|"balanced"|"permissive"|"email-attachment",
984
+ * compliance: "hipaa"|"pci-dss"|"gdpr"|"soc2",
985
+ * name: string, // gate identity for audit / observability
986
+ * operatorRules: [{ id: string, severity: "warn"|"high"|"critical",
987
+ * detect: function, reason: string }],
988
+ *
989
+ * @example
990
+ * var csvGate = b.guardCsv.gate({ profile: "strict" });
991
+ *
992
+ * // Wire into staticServe so every served .csv runs through the gate.
993
+ * var serve = b.staticServe.create({
994
+ * root: "/var/data",
995
+ * contentSafety: { ".csv": csvGate },
996
+ * });
997
+ *
998
+ * // Direct invocation for an upload pipeline:
999
+ * var hostile = Buffer.from("name,formula\r\nalice,=cmd|x\r\n", "utf8");
1000
+ * var verdict = await csvGate.check({ bytes: hostile });
1001
+ * verdict.action; // → "refuse"
1002
+ */
1003
+ function gate(opts) {
1004
+ opts = _resolveOpts(opts);
1005
+ return gateContract.buildGuardGate(
1006
+ opts.name || "guardCsv:" + (opts.profile || "default"),
1007
+ opts,
1008
+ async function (ctx) {
1009
+ var text = gateContract.extractBytesAsText(ctx);
1010
+ if (!text) return { ok: true, action: "serve" };
1011
+ var rv = validate(text, opts);
1012
+
1013
+ var operatorIssues = [];
1014
+ if (Array.isArray(opts.operatorRules)) {
1015
+ for (var ri = 0; ri < opts.operatorRules.length; ri += 1) {
1016
+ var rule = opts.operatorRules[ri];
1017
+ try {
1018
+ if (rule.detect && rule.detect({ bytes: text, ctx: ctx })) {
1019
+ operatorIssues.push({
1020
+ kind: rule.id, severity: rule.severity || "warn",
1021
+ ruleId: rule.id, snippet: rule.reason || rule.id,
1022
+ });
1023
+ }
1024
+ } catch (_e) { /* operator rule best-effort */ }
1025
+ }
1026
+ }
1027
+ var allIssues = rv.issues.concat(operatorIssues);
1028
+
1029
+ if (allIssues.length === 0) return { ok: true, action: "serve" };
1030
+ var hasCritical = allIssues.some(function (i) {
1031
+ return i.severity === "critical" || i.severity === "high";
1032
+ });
1033
+ if (!hasCritical) {
1034
+ return { ok: true, action: "audit-only", issues: allIssues };
1035
+ }
1036
+
1037
+ if (opts.formulaInjectionPolicy !== "reject" &&
1038
+ opts.bidiCharPolicy !== "reject" &&
1039
+ opts.controlCharPolicy !== "reject" &&
1040
+ opts.nullByteHandling !== "reject") {
1041
+ try {
1042
+ var clean = sanitize(text, opts);
1043
+ var hasFormulaIssue = allIssues.some(function (i) {
1044
+ return i.kind === "formula-prefix-cell" ||
1045
+ i.kind === "dangerous-function";
1046
+ });
1047
+ if (hasFormulaIssue) {
1048
+ var parsedRows = csv.parse(clean, { header: false });
1049
+ clean = serialize(parsedRows, Object.assign({}, opts, { headers: false }));
1050
+ }
1051
+ return {
1052
+ ok: true, action: "sanitize",
1053
+ sanitized: Buffer.from(clean, "utf8"),
1054
+ issues: allIssues,
1055
+ };
1056
+ } catch (_e) { /* fall through to refuse */ }
1057
+ }
1058
+
1059
+ return { ok: false, action: "refuse", issues: allIssues };
1060
+ });
1061
+ }
1062
+
1063
+ /**
1064
+ * @primitive b.guardCsv.buildProfile
1065
+ * @signature b.guardCsv.buildProfile(opts)
1066
+ * @since 0.7.5
1067
+ * @status stable
1068
+ * @related b.guardCsv.gate, b.guardCsv.compliancePosture
1069
+ *
1070
+ * Compose a derived profile from one or more named bases plus
1071
+ * inline overrides. `opts.extends` is a profile name (`"strict"`
1072
+ * / `"balanced"` / `"permissive"` / `"email-attachment"`) or an
1073
+ * array of names; later entries shadow earlier ones. Inline
1074
+ * `opts` keys win last. Used to keep operator-defined profiles
1075
+ * traceable to a baseline rather than re-typing every key.
1076
+ *
1077
+ * @opts
1078
+ * extends: string|string[], // base profile name(s) to compose
1079
+ * ...: any guard-csv key, // inline override of resolved keys
1080
+ *
1081
+ * @example
1082
+ * var custom = b.guardCsv.buildProfile({
1083
+ * extends: "strict",
1084
+ * trailingWhitespacePolicy: "preserve",
1085
+ * bomPrefix: true,
1086
+ * });
1087
+ * custom.formulaInjectionPolicy; // → "prefix-tab"
1088
+ * custom.bomPrefix; // → true
1089
+ */
1090
+ var buildProfile = gateContract.makeProfileBuilder(PROFILES);
1091
+
1092
+ /**
1093
+ * @primitive b.guardCsv.compliancePosture
1094
+ * @signature b.guardCsv.compliancePosture(name)
1095
+ * @since 0.7.5
1096
+ * @status stable
1097
+ * @compliance hipaa, pci-dss, gdpr, soc2
1098
+ * @related b.guardCsv.gate, b.guardCsv.buildProfile
1099
+ *
1100
+ * Look up a compliance-posture overlay by name (`"hipaa"` /
1101
+ * `"pci-dss"` / `"gdpr"` / `"soc2"`). Returns a shallow clone of
1102
+ * the posture object — the caller may mutate freely. Throws
1103
+ * `GuardCsvError("csv.bad-posture")` on unknown name.
1104
+ *
1105
+ * @example
1106
+ * var posture = b.guardCsv.compliancePosture("hipaa");
1107
+ * posture.piiPolicy; // → "redact"
1108
+ * posture.bidiCharPolicy; // → "reject"
1109
+ */
1110
+ function compliancePosture(name) {
1111
+ return gateContract.lookupCompliancePosture(name, COMPLIANCE_POSTURES, _err, "csv");
1112
+ }
1113
+
1114
+ var _csvRulePacks = gateContract.makeRulePackLoader(GuardCsvError, "csv");
1115
+ /**
1116
+ * @primitive b.guardCsv.loadRulePack
1117
+ * @signature b.guardCsv.loadRulePack(pack)
1118
+ * @since 0.7.5
1119
+ * @status stable
1120
+ * @related b.guardCsv.gate
1121
+ *
1122
+ * Register an operator-supplied rule pack with the guard-csv
1123
+ * registry. The pack is identified by `pack.id` (non-empty
1124
+ * string) and stored for later inspection / dispatch by gates
1125
+ * that opt in via `opts.rulePackId`. Returns the pack object
1126
+ * unchanged on success; throws `GuardCsvError("csv.bad-opt")`
1127
+ * when `pack` is missing or `pack.id` is not a non-empty string.
1128
+ *
1129
+ * @example
1130
+ * var pack = b.guardCsv.loadRulePack({
1131
+ * id: "pii-extra",
1132
+ * rules: [
1133
+ * { id: "ssn-cell", severity: "critical",
1134
+ * detect: function (cell) { return /^\d{3}-\d{2}-\d{4}$/.test(cell); },
1135
+ * reason: "US SSN-shaped value in CSV cell" },
1136
+ * ],
1137
+ * });
1138
+ * pack.id; // → "pii-extra"
1139
+ */
1140
+ var loadRulePack = _csvRulePacks.load;
1141
+
1142
+ module.exports = {
1143
+ // ---- guard-* family registry exports (consumed by b.guardAll) ----
1144
+ NAME: "csv",
1145
+ KIND: "content", // content-bytes guard (consumes ctx.bytes)
1146
+ MIME_TYPES: Object.freeze(["text/csv"]),
1147
+ EXTENSIONS: Object.freeze([".csv"]),
1148
+ // ---- adaptive integration-test fixtures (consumed by layer-5 host harness) ----
1149
+ INTEGRATION_FIXTURES: Object.freeze({
1150
+ kind: "content",
1151
+ contentType: "text/csv",
1152
+ extension: ".csv",
1153
+ benignBytes: Buffer.from("name,age\r\nalice,30\r\n", "utf8"),
1154
+ // Hostile: cell starts with formula trigger `=cmd|x` — strict
1155
+ // profile prepends TAB so spreadsheets disarm at evaluation time;
1156
+ // gate's check returns refuse for any critical/high issue.
1157
+ hostileBytes: Buffer.from("name,formula\r\nalice,=cmd|x\r\n", "utf8"),
1158
+ }),
1159
+ // ---- primitive surface ----
1160
+ serialize: serialize,
1161
+ validate: validate,
1162
+ sanitize: sanitize,
1163
+ escapeCell: escapeCell,
1164
+ detect: detect,
1165
+ schema: schema,
1166
+ gate: gate,
1167
+ buildProfile: buildProfile,
1168
+ compliancePosture: compliancePosture,
1169
+ loadRulePack: loadRulePack,
1170
+ PROFILES: PROFILES,
1171
+ DEFAULTS: DEFAULTS,
1172
+ COMPLIANCE_POSTURES: COMPLIANCE_POSTURES,
1173
+ FORMULA_PREFIXES: FORMULA_PREFIXES,
1174
+ DANGEROUS_FUNCTIONS: DANGEROUS_FUNCTIONS,
1175
+ GuardCsvError: GuardCsvError,
1176
+ };